
Commit

Updated to include ECMA-424
stevespringett committed Dec 5, 2024
1 parent 33461b1 commit ba05beb
Showing 12 changed files with 55 additions and 33 deletions.
2 changes: 1 addition & 1 deletion Attestations/en/0x01-Frontispiece.md
Expand Up @@ -4,7 +4,7 @@
# Frontispiece

## About the Guide
CycloneDX is a modern standard for the software supply chain.
CycloneDX is a modern standard for the software supply chain. It has been ratified as [ECMA-424](https://ecma-international.org/publications-and-standards/standards/ecma-424/) by Ecma International.

The content in this guide results from continuous community feedback and input from leading experts in the software
supply chain security field. This guide would not be possible without valuable feedback from the CycloneDX Industry
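Review bot: the new sentence says CycloneDX "has been ratified as ECMA-424" but not which CycloneDX specification version the Ecma standard covers, and the guide this frontispiece fronts is version-specific; adding the covered version (or the ratification date) would let readers tell whether the guide's content matches the ratified edition. This exact sentence is also added verbatim to five Frontispiece files in this commit (Attestations, CBOM, ML-BOM, SBOM, SaaSBOM), so a single shared source for the frontispiece would keep them from drifting on the next edit.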
7 changes: 3 additions & 4 deletions Attestations/en/0x02-Preface.md
Expand Up @@ -13,10 +13,9 @@ community-driven ecosystem for security standards development. This collaboratio
their expertise and insights, ensuring that standards like CycloneDX reflect the collective wisdom of the global
cybersecurity community.

One standout example of this model is OWASP CycloneDX, which is on track to becoming an Ecma International
standard through Technical Committee 54 (TC54). By leveraging the strengths of both organizations, CycloneDX is poised
to become a cornerstone of security best practices, providing organizations with a universal standard for software and
system transparency.
One standout example of this model is OWASP CycloneDX, which has been ratified as an Ecma International standard and is
now known as ECMA-424. By leveraging the strengths of both organizations, CycloneDX serves as a cornerstone of security
best practices, providing organizations with a universal standard for software and system transparency.

As you embark on your journey through this Authoritative Guide, we encourage you to engage actively with the content
and join us in shaping the future of cybersecurity standards. Together, we can build a safer and more resilient digital
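Review bot: the mention of Technical Committee 54 (TC54) is dropped together with the old "on track" wording; since the preceding paragraph describes the partnership with Ecma International, keeping the committee name (for example "ratified by Ecma International Technical Committee 54 (TC54) as ECMA-424") preserves the pointer to where the standard is maintained. The same paragraph is changed identically in the CBOM, ML-BOM, SBOM, SaaSBOM and VDR_VEX prefaces, so this comment applies to each of them.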
2 changes: 1 addition & 1 deletion CBOM/en/0x01-Frontispiece.md
Expand Up @@ -4,7 +4,7 @@
# Frontispiece

## About the Guide
CycloneDX is a modern standard for the software supply chain.
CycloneDX is a modern standard for the software supply chain. It has been ratified as [ECMA-424](https://ecma-international.org/publications-and-standards/standards/ecma-424/) by Ecma International.

The content in this guide results from continuous community feedback and input from leading experts in the software
supply chain security field. This guide would not be possible without valuable feedback from the CycloneDX Industry
7 changes: 3 additions & 4 deletions CBOM/en/0x02-Preface.md
Expand Up @@ -13,10 +13,9 @@ community-driven ecosystem for security standards development. This collaboratio
their expertise and insights, ensuring that standards like CycloneDX reflect the collective wisdom of the global
cybersecurity community.

One standout example of this model is OWASP CycloneDX, which is on track to becoming an Ecma International
standard through Technical Committee 54 (TC54). By leveraging the strengths of both organizations, CycloneDX is poised
to become a cornerstone of security best practices, providing organizations with a universal standard for software and
system transparency.
One standout example of this model is OWASP CycloneDX, which has been ratified as an Ecma International standard and is
now known as ECMA-424. By leveraging the strengths of both organizations, CycloneDX serves as a cornerstone of security
best practices, providing organizations with a universal standard for software and system transparency.

As you embark on your journey through this Authoritative Guide, we encourage you to engage actively with the content
and join us in shaping the future of cybersecurity standards. Together, we can build a safer and more resilient digital
2 changes: 1 addition & 1 deletion ML-BOM/en/0x01-Frontispiece.md
Expand Up @@ -4,7 +4,7 @@
# Frontispiece

## About the Guide
CycloneDX is a modern standard for the software supply chain.
CycloneDX is a modern standard for the software supply chain. It has been ratified as [ECMA-424](https://ecma-international.org/publications-and-standards/standards/ecma-424/) by Ecma International.

The content in this guide results from continuous community feedback and input from leading experts in the software
supply chain security field. This guide would not be possible without valuable feedback from the CycloneDX Industry
7 changes: 3 additions & 4 deletions ML-BOM/en/0x02-Preface.md
Expand Up @@ -13,10 +13,9 @@ community-driven ecosystem for security standards development. This collaboratio
their expertise and insights, ensuring that standards like CycloneDX reflect the collective wisdom of the global
cybersecurity community.

One standout example of this model is OWASP CycloneDX, which is on track to becoming an Ecma International
standard through Technical Committee 54 (TC54). By leveraging the strengths of both organizations, CycloneDX is poised
to become a cornerstone of security best practices, providing organizations with a universal standard for software and
system transparency.
One standout example of this model is OWASP CycloneDX, which has been ratified as an Ecma International standard and is
now known as ECMA-424. By leveraging the strengths of both organizations, CycloneDX serves as a cornerstone of security
best practices, providing organizations with a universal standard for software and system transparency.

As you embark on your journey through this Authoritative Guide, we encourage you to engage actively with the content
and join us in shaping the future of cybersecurity standards. Together, we can build a safer and more resilient digital
2 changes: 1 addition & 1 deletion SBOM/en/0x01-Frontispiece.md
Expand Up @@ -4,7 +4,7 @@
# Frontispiece

## About the Guide
CycloneDX is a modern standard for the software supply chain.
CycloneDX is a modern standard for the software supply chain. It has been ratified as [ECMA-424](https://ecma-international.org/publications-and-standards/standards/ecma-424/) by Ecma International.

The content in this guide results from continuous community feedback and input from leading experts in the software
supply chain security field. This guide would not be possible without valuable feedback from the CycloneDX Industry
7 changes: 3 additions & 4 deletions SBOM/en/0x02-Preface.md
Expand Up @@ -13,10 +13,9 @@ community-driven ecosystem for security standards development. This collaboratio
their expertise and insights, ensuring that standards like CycloneDX reflect the collective wisdom of the global
cybersecurity community.

One standout example of this model is OWASP CycloneDX, which is on track to becoming an Ecma International
standard through Technical Committee 54 (TC54). By leveraging the strengths of both organizations, CycloneDX is poised
to become a cornerstone of security best practices, providing organizations with a universal standard for software and
system transparency.
One standout example of this model is OWASP CycloneDX, which has been ratified as an Ecma International standard and is
now known as ECMA-424. By leveraging the strengths of both organizations, CycloneDX serves as a cornerstone of security
best practices, providing organizations with a universal standard for software and system transparency.

As you embark on your journey through this Authoritative Guide, we encourage you to engage actively with the content
and join us in shaping the future of cybersecurity standards. Together, we can build a safer and more resilient digital
2 changes: 1 addition & 1 deletion SaaSBOM/en/0x01-Frontispiece.md
Expand Up @@ -4,7 +4,7 @@
# Frontispiece

## About the Guide
CycloneDX is a modern standard for the software supply chain.
CycloneDX is a modern standard for the software supply chain. It has been ratified as [ECMA-424](https://ecma-international.org/publications-and-standards/standards/ecma-424/) by Ecma International.

The content in this guide results from continuous community feedback and input from leading experts in the software
supply chain security field. This guide would not be possible without valuable feedback from the CycloneDX Industry
29 changes: 20 additions & 9 deletions SaaSBOM/en/0x02-Preface.md
@@ -1,14 +1,25 @@
# Preface

Secure supply chains are the foundational building block of modern cyber security. Without being able to describe a system’s components in a machine-consumable way, organizations and software consumers are in the dark if they are at risk of exploitation of known defects or vulnerabilities.

Innovation drives the evolution of Software Bill of Materials (SBOM). I was lucky enough to attend one of the meetings held between the CycloneDX and SPDX teams at a Linux Foundation conference moderated by the fine folks at CISA. The drivers for CycloneDX 1.5 include improvements in interoperability and transparency.

Software authors, from hobbyists to software vendors, can quickly adopt CycloneDX in their tooling, producing artifacts that will help consumers understand and manage the risk of the multitude of software that most organizations rely on daily.

A few years ago, I was involved in a project to review 1700 business-critical applications in 90 days for known software vulnerabilities. If the organization had access to CycloneDX SBOMs, this would have been a trivial task, time that could have been more usefully spent on remediation rather than discovery. Sadly, most of the time was spent working out what software had old faulty components rather than addressing the very real risk of known software vulnerabilities. We were plagued with false positives from the tooling we used simply because scanning software without SBOMs is a heuristic-driven discovery process that is inefficient and wastes a great deal of time we didn’t have. SBOMs resolve these issues, reduce costs, and reduce risk to all involved.

I commend the CycloneDX team for a highly polished revision of their standard, one that evolves the state of the art.
Welcome to the Authoritative Guide series by the OWASP Foundation and OWASP CycloneDX. In this series, we aim to
provide comprehensive insights and practical guidance, ensuring that security professionals, developers, and
organizations alike have access to the latest best practices and methodologies.

At the heart of the OWASP Foundation lies a commitment to inclusivity and openness. We firmly believe that everyone
deserves a seat at the table when it comes to shaping the future of cybersecurity standards. Our collaborative
model fosters an environment where diverse perspectives converge to drive innovation and excellence.

In line with this ethos, the OWASP Foundation has partnered with Ecma International to create an inclusive,
community-driven ecosystem for security standards development. This collaboration empowers individuals to contribute
their expertise and insights, ensuring that standards like CycloneDX reflect the collective wisdom of the global
cybersecurity community.

One standout example of this model is OWASP CycloneDX, which has been ratified as an Ecma International standard and is
now known as ECMA-424. By leveraging the strengths of both organizations, CycloneDX serves as a cornerstone of security
best practices, providing organizations with a universal standard for software and system transparency.

As you embark on your journey through this Authoritative Guide, we encourage you to engage actively with the content
and join us in shaping the future of cybersecurity standards. Together, we can build a safer and more resilient digital
world for all.

---

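Review bot: the removed lines were a first-person foreword (the 1700-application review anecdote and the CycloneDX 1.5 interoperability drivers), and they are replaced wholesale with the same generic preface used in the other guides, so the SaaSBOM guide loses its only guide-specific preface content; dropping the stale 1.5 reference is defensible, but the `---` separator kept at the end of the hunk suggests a signature block follows (not shown here), which should be checked so it no longer attributes the removed foreword's content to its author.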
21 changes: 18 additions & 3 deletions VDR_VEX/en/0x02-Preface.md
@@ -1,10 +1,25 @@
# Preface

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Praesent ullamcorper laoreet neque, id lobortis neque tincidunt quis. Cras eu dui diam. Mauris volutpat mattis est id ultricies. Vivamus eu semper ipsum. Sed aliquam ut enim consectetur maximus. Cras eu finibus dui. Vestibulum ante ipsum primis in faucibus orci luctus et ultrices posuere cubilia curae; Maecenas lorem mi, tincidunt sed elit in, malesuada tempor magna.
Welcome to the Authoritative Guide series by the OWASP Foundation and OWASP CycloneDX. In this series, we aim to
provide comprehensive insights and practical guidance, ensuring that security professionals, developers, and
organizations alike have access to the latest best practices and methodologies.

Sed maximus ligula non condimentum condimentum. Fusce id augue tempus, egestas ligula vehicula, volutpat purus. Duis ut nisi nec massa rhoncus bibendum tristique nec enim. Nulla facilisi. Donec dui lectus, condimentum vel nisi at, porta iaculis velit. Fusce nec tortor justo. Proin eget tellus fermentum, mollis nisl id, hendrerit justo. Quisque eget libero ut neque vestibulum lacinia in viverra dui. Nam semper lacus vel neque gravida cursus. Curabitur eu purus pulvinar, feugiat justo in, mattis ante. Donec ex nisl, elementum sit amet dui et, sollicitudin finibus lorem. Morbi nec eleifend purus.
At the heart of the OWASP Foundation lies a commitment to inclusivity and openness. We firmly believe that everyone
deserves a seat at the table when it comes to shaping the future of cybersecurity standards. Our collaborative
model fosters an environment where diverse perspectives converge to drive innovation and excellence.

Mauris vestibulum in nulla eget sodales. Praesent sit amet dictum lacus. Donec urna magna, egestas vitae nisi sed, cursus sagittis turpis. Ut ut pellentesque nisi. Sed ac risus nisl. Maecenas at ultrices lorem, tempus sagittis nisi. Nulla eu ante iaculis, placerat risus laoreet, dignissim ligula. Fusce purus orci, efficitur id sodales hendrerit, fringilla ac eros. Maecenas congue sem urna, id feugiat tellus venenatis quis. Nullam sem tortor, sodales sit amet turpis eget, porta commodo tortor.
In line with this ethos, the OWASP Foundation has partnered with Ecma International to create an inclusive,
community-driven ecosystem for security standards development. This collaboration empowers individuals to contribute
their expertise and insights, ensuring that standards like CycloneDX reflect the collective wisdom of the global
cybersecurity community.

One standout example of this model is OWASP CycloneDX, which has been ratified as an Ecma International standard and is
now known as ECMA-424. By leveraging the strengths of both organizations, CycloneDX serves as a cornerstone of security
best practices, providing organizations with a universal standard for software and system transparency.

As you embark on your journey through this Authoritative Guide, we encourage you to engage actively with the content
and join us in shaping the future of cybersecurity standards. Together, we can build a safer and more resilient digital
world for all.

---

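Review bot: the replaced lines were Lorem ipsum placeholder text, and this hunk covers only the first ten original lines of the file; the remainder of VDR_VEX/en/0x02-Preface.md (not shown here) should be checked for further placeholder paragraphs before the guide is published, and a search of the other guides for "Lorem ipsum" would catch any siblings.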
Binary file modified images/CycloneDX-History-Timeline.afdesign
Binary file not shown.
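Review bot: the Affinity Designer source (images/CycloneDX-History-Timeline.afdesign) is the only image change in this commit, and none of the 12 changed files is an exported rendering of the timeline; if the timeline was updated to show the ECMA-424 ratification, the exported image the guides actually embed needs to be regenerated and committed as well, otherwise the design source and the published figure diverge.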

0 comments on commit ba05beb
