-
-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: steve.springett <[email protected]>
- Loading branch information
steve.springett
committed
Dec 16, 2024
1 parent
e18ac96
commit 6673934
Showing
4 changed files
with
88 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,39 @@ | ||
| <div style="page-break-after: always; visibility: hidden"> | ||
| \newpage | ||
| </div> | ||
| # Frontispiece | ||
|
|
||
| ## About the Guide | ||
| CycloneDX is a modern standard for the software supply chain. It has been ratified as [ECMA-424](https://ecma-international.org/publications-and-standards/standards/ecma-424/) by Ecma International. | ||
|
|
||
| The content in this guide results from continuous community feedback and input from leading experts in the software | ||
| supply chain security field. This guide would not be possible without valuable feedback from the CycloneDX Industry | ||
| Working Group (IWG), the CycloneDX Core Working Group (CWG), the many CycloneDX Feature Working Groups (FWG), | ||
| Ecma International Technical Committee 54, and a global network of contributors and supporters. | ||
|
|
||
| ## Copyright and License | ||
|
|
||
|  | ||
|
|
||
| Copyright © 2025 The OWASP Foundation. | ||
|
|
||
| This document is released under the [Creative Commons Attribution 4.0 International](https://creativecommons.org/licenses/by/4.0/). | ||
| For any reuse or distribution, you must make clear to others the license terms of this work. | ||
|
|
||
| <div style="page-break-after: always; visibility: hidden"> | ||
| \emptyparagraph | ||
| </div> | ||
|
|
||
| First Edition, 00 Month 2025 | ||
|
|
||
| <div style="page-break-after: always; visibility: hidden"> | ||
| \emptyparagraph | ||
| </div> | ||
|
|
||
| | Version | Changes | Updated On | Updated By | | ||
| |----------------|----------------------------|------------|------------------------------| | ||
| | First Edition | Initial Release | 2025-xx-xx | CycloneDX Core Working Group | | ||
|
|
||
| <div style="page-break-after: always; visibility: hidden"> | ||
| \newpage | ||
| </div> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| # Preface | ||
|
|
||
| Welcome to the Authoritative Guide series by the OWASP Foundation and OWASP CycloneDX. In this series, we aim to | ||
| provide comprehensive insights and practical guidance, ensuring that security professionals, developers, and | ||
| organizations alike have access to the latest best practices and methodologies. | ||
|
|
||
| At the heart of the OWASP Foundation lies a commitment to inclusivity and openness. We firmly believe that everyone | ||
| deserves a seat at the table when it comes to shaping the future of cybersecurity standards. Our collaborative | ||
| model fosters an environment where diverse perspectives converge to drive innovation and excellence. | ||
|
|
||
| In line with this ethos, the OWASP Foundation has partnered with Ecma International to create an inclusive, | ||
| community-driven ecosystem for security standards development. This collaboration empowers individuals to contribute | ||
| their expertise and insights, ensuring that standards like CycloneDX reflect the collective wisdom of the global | ||
| cybersecurity community. | ||
|
|
||
| One standout example of this model is OWASP CycloneDX, which has been ratified as an Ecma International standard and is | ||
| now known as ECMA-424. By leveraging the strengths of both organizations, CycloneDX serves as a cornerstone of security | ||
| best practices, providing organizations with a universal standard for software and system transparency. | ||
|
|
||
| As you embark on your journey through this Authoritative Guide, we encourage you to engage actively with the content | ||
| and join us in shaping the future of cybersecurity standards. Together, we can build a safer and more resilient digital | ||
| world for all. | ||
|
|
||
| --- | ||
|
|
||
| Andrew van der Stock | ||
| Executive Director, OWASP Foundation | ||
|
|
||
| <div style="page-break-after: always; visibility: hidden"> | ||
| \newpage | ||
| </div> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| # The Innovative History of OWASP CycloneDX | ||
|
|
||
| OWASP CycloneDX has carved a legacy steeped in innovation, collaboration, and a commitment to openness. OWASP | ||
| continues to advance software and system transparency standards, prioritizing capabilities that facilitate risk reduction. | ||
|
|
||
|  | ||
| _Source: [https://tc54.org/history](https://tc54.org/history)_ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| # Introduction | ||
| CycloneDX is a modern standard for the software supply chain. At its core, CycloneDX is a general-purpose Bill of | ||
| Materials (BOM) standard capable of representing software, hardware, services, and other types of inventory. CycloneDX | ||
| is an OWASP flagship project, has a formal standardization process and governance model through | ||
| [Ecma Technical Committee 54](https://tc54.org), and is supported by the global information security community. | ||
|
|
||
| TODO | ||
|
|
||
| <div style="page-break-after: always; visibility: hidden"> | ||
| \newpage | ||
| </div> |