Patrick Dwyer

2.2K posts

Patrick Dwyer

@coderpatros

Principal Consultant @CyberCX and @OWASP @CycloneDX_Spec #SBOM Project Co-Lead. All views are my own.

Sunshine Coast, Queensland Sumali Mayıs 2014

428 Sinusundan472 Mga Tagasunod

Patrick Dwyer nag-retweet

CycloneDX SBOM Spec (OWASP)@CycloneDX_Spec·14 Nis

Today, we're launching CycloneDX Assessors Studio (alpha). Built for maturity tracking, compliance audits, and supply chain vendor trust. Turn compliance checklists into verifiable attestations. #CycloneDX #OWASP #Compliance #GRC #OpenSource assessors.studio

English

183

Patrick Dwyer nag-retweet

CycloneDX SBOM Spec (OWASP)@CycloneDX_Spec·3 Mar

The Authoritative Guide to AI/ML-BOM from CycloneDX just dropped. Full transparency into your ML supply chain: security, compliance, data lineage, reproducibility. AI regulations are here. Be ready. #AI #AIBOM #SBOM #OWASP #CycloneDX cyclonedx.org/guides/

English

159

Patrick Dwyer nag-retweet

CycloneDX SBOM Spec (OWASP)@CycloneDX_Spec·21 Nis

Join us on Wed May 28, 2025 in Barcelona for a hands-on hackathon to test Beta 1 of the Transparency Exchange API (TEA) — a new way to securely exchange SBOMs, attestations & more. Free registration, thanks to @OWASP & @EcmaIntl cyclonedx.org/events/hackath… #CycloneDX #SBOM

English

Patrick Dwyer nag-retweet

DDD Brisbane@DDDBrisbane·12 Ağu

We're now accepting sponsorship for our 2024 conference, held at Brisbane State High School on December 7th. Get your brand in front of 450+ developers, testers, managers, and more! DM or email sponsorship@dddbrisbane.com for a copy of our 2024 prospectus.

English

1.3K

Patrick Dwyer nag-retweet

CycloneDX SBOM Spec (OWASP)@CycloneDX_Spec·1 Tem

We are excited to announce that CycloneDX v1.6 has been officially ratified as an Ecma International standard following a decisive vote at the Ecma General Assembly on 26 June. #SBOM #CycloneDX #OWASP #SoftwareSupplyChain #Ecma #TC54 cyclonedx.org/news/cyclonedx…

English

3.6K

Patrick Dwyer nag-retweet

Tanya Janca | Shehackspurple@shehackspurple·1 May

Today is the launch of @Semgrep Academy! Free courses on #AppSec, Secure Coding, #API Security, Functional Programming, and MORE! Please go check it out here: Academy.Semgrep.dev

English

138

346

99.6K

Patrick Dwyer nag-retweet

CycloneDX SBOM Spec (OWASP)@CycloneDX_Spec·12 Nis

#OWASP CycloneDX v1.6 now available with support for Cryptography Bill of Materials (CBOM), Attestations, and more. Explore whats new in the: - Authoritative Guide to CBOM - Authoritative Guide to Attesations - Authoritative Guide to SBOM, Second Edition cyclonedx.org/guides/

English

346

Patrick Dwyer nag-retweet

CycloneDX SBOM Spec (OWASP)@CycloneDX_Spec·9 Nis

CycloneDX v1.6 has landed with support for tracking cryptographic assets and their dependencies for Post-Quantum Cryptography (PQC) readiness. #CBOM CycloneDX Attestations provides “compliance as code” Enhancements to existing AI/ML support… #SBOM cyclonedx.org/news/cyclonedx…

English

2.5K

Patrick Dwyer nag-retweet

OWASP® Foundation@owasp·2 Şub

Be a driving force in advancing the #OWASP Foundation's mission! Join us as a Corporate Supporter and create a meaningful impact with your support! 🌐🤝 owasp.org/supporters/pac… #Cybersecurity #InfoSec #supportnonprofit #nonprofit #benefits #appsec #developers

English

3.7K

Patrick Dwyer nag-retweet

BSides Brisbane@Bsides_BNE·10 Oca

#BSidesBrisbane is back! We're seeking sponsors to help make this year's security conference a success. Email sponsorship@bsidesbrisbane.com for more info, or hit up the website for the prospectus here: buff.ly/3JiimsB

English

889

Patrick Dwyer nag-retweet

BSides Brisbane@Bsides_BNE·1 Oca

Happy New Year to all! Start the year with a bang by securing your seat at the #BSidesBrisbane2024 event. Tickets are on sale now, don't miss out! The first 50 ticket sales using discount code BSIDES-EARLYBIRD will receive 10% off Grab your tickets here: buff.ly/3GYQnN7

English

1.8K

Patrick Dwyer nag-retweet

TC54@EcmaTC54·19 Ara

The Ecma TC54 website is now live! Visit tc54.org to learn more about the ongoing work the technical committee is pursuing and how to contribute. #ecma #tc54 #owasp #cyclonedx #sbom

English

245

Patrick Dwyer nag-retweet

TC54@EcmaTC54·14 Ara

Ecma TC54 is holding its first call on Thursday, 13 December at 10:30 U.S. Eastern. Meetings are open to Ecma member organizations. Reach out to @stevespringett and @littledan for Zoom link.

English

455

Patrick Dwyer nag-retweet

Dependency-Track@DependencyTrack·14 Ara

Thank you SANS for this incredible honor. The Dependency-Track project would not be possible without our amazing community of maintainers, contributors, and the organizations that entrust #OWASP in helping reduce their supply chain risk. #SBOM #CycloneDX #EO14028

SANS Institute@SANSInstitute

Open-Source Tool of the Year 💻 goes to the person or organization that created an open-source tool that is of significant value to the community. This year, @DependencyTrack was the Community Winner! Congrats! #SANSDMA

English

5.4K

Patrick Dwyer nag-retweet

swisscyberstorm@swisscyberstorm·6 Ara

The @CycloneDX_Spec (Software Bill of Materials Standard) project took a step further with the convening of a new technical committee at @EcmaIntl. @coderpatros, co-lead of the project, spoke about this at @swisscyberstorm 2021. See his talk here: youtu.be/zQmtdV-4ZiQ?si…

YouTube

TC54@EcmaTC54

Earlier today, Technical Committee 54 was officially convened within @EcmaIntl as a royalty-free task group. #TC54 is chartered with standardizing #OWASP @CycloneDX_Spec, standards and algorithms that advance transparency and sharing of this information across the supply chain.

English

304

Patrick Dwyer nag-retweet

TC54@EcmaTC54·6 Ara

English

17.5K

Patrick Dwyer nag-retweet

OWASP SCVS Standard@OWASP_SCVS·31 Eki

We’re proud to announce the immediate availability of the SCVS BOM Maturity Model. The model allows organizations to evaluate #SBOM quality and mature and optimize their investment in software and system transparency. einpresswire.com/article/665343… #OWASP

English

491

Patrick Dwyer nag-retweet

Tech At Bloomberg@TechAtBloomberg·12 Eki

Bloomberg is proud to be a founding member of @EcmaIntl's TC54, which will work with @owasp on standardizing #CycloneDX & related technologies to improve software and system transparency, which are critical to securing the #softwaresupplychain for modern applications #SBOM

CycloneDX SBOM Spec (OWASP)@CycloneDX_Spec

@owasp Foundation Joins Ecma International to Drive Software Transparency and Standardization of OWASP #CycloneDX. Press release: einpresswire.com/article/661184… Blog post: owasp.org/blog/2023/10/1… #SBOM #SoftwareTransparency #SaaSBOM #HBOM #CBOM #EO14028

English

8.3K

Patrick Dwyer@coderpatros·21 Tem

@tuckner @allanfriedman I wouldn't typically store it in the repo unless you are manually managing dependencies, and the SBOM. The first place I would store it is as an additional build artifact. And then publish it to something like Dependency-Track as part of the release process.

English

tuckner@tuckner·20 Tem

@coderpatros @allanfriedman Nothing specific which I'm realizing is a problem. For sake of an example, lets just assume an internal project with a org requirement to have an SBOM generated for it.

English

tuckner@tuckner·19 Tem

Where are folks storing their SBOMs? Top level of the repo? What is a standard file name for it? Just sbom.format? @allanfriedman if you're around

English

3.2K

Tuklasin

@OWASP @EcmaIntl @semgrep @littledan @CycloneDX_Spec @swisscyberstorm @owasp @tuckner