Start / Open Source Security / Episode 410 package identifiers are really hard

Open Source Security

Episode 410 - Package identifiers are really hard

32 min • 8 januari 2024

Josh and Kurt talk about package identifiers. We break this down in the context of an OpenSSF response to a CISA paper on software identifications. The identifiers that get all the air time are purl, CPE, SWID, and OmniBOR. This is a surprisingly complex problem space. It feels easy, but it's not.

Show Notes

Senaste avsnitt

Package URLs with Philippe Ombredanne

23 juni | 37 min

Hobbyist Maintainers with Thomas DePierre

16 juni | 49 min

STIG automation with Aaron Lippold

9 juni | 33 min

Ecosyste.ms with Andrew Nesbitt

2 juni | 36 min

Curl vs AI with Daniel Stenberg

26 maj | 34 min
Vad är en podd?

En liten tjänst av I'm With Friends. Finns även på engelska.

Podcastbild

00:00 -00:00
00:00 -00:00