Theme group ”BomResolver”

[24-05-03]
About the group

The theme group ”BomResolver” is a technology-oriented subgroup, focused on an innovative solution that can content declare, with an SBOM, a software in Linux/Alpine.

(In parallell with the theme group, a (closed) development project has now (Dec-23) been started, outside the scope of Cybernode.)

  • The group is led by Hans Thorsen Lamm at Lamm Consulting. Email: hans@lammda.se.

Some background

This Cybernode working group started in February 2023, based on an initiative from Lamm Consulting. One purpose was to continue a project (BomResolver) presented at FOSSDEM 2022.

In early 2022, Ericsson presented the BomResolver at FossDem after deciding that the software, originally a prototype, could be further developed as open source. Through Vinnova, the project ended up at the Cybernode, and in February 2023, the working group for secure supply chains was initiated. Together with Swedish and foreign partners, three funding applications have been made following the Cybernode’s model. In consultation with the centre director, the group now have an wider scope, and since August 2023, it has been led by a new group leader. The resolver project is now being conducted outside the node and can be followed at https://bomresolver.io.

The https://bomresolver.io has been published as open source. The resolver is an innovative solution that backtracks a software supply chain for the Alpine ecosystem. In addition to complete rebuild in isolation, the resolver is also capable of distributing revenues generated by providing compliance evidence. A rebuild has been done for https://nosad.se, which is a forum for Swedish authorities for sharing data and knowledge about open source.

The goal for the working group is to have continuous and granular funding of open source projects, in order to support security in the software supply chain area.

Language: English and Swedish (when possible). 

Subgroup participating companies/organizations:  Lamm Consulting, Edvina AB, RISE, Linköping university, Redigo. //to be updated//

If you are interested in participating in the subgroup, contact Hans Thorsen Lamm, hans@lammda.se.

This web page will be continuously updated with:

  • Meeting presentations
  • Meeting recordings
  • Reference project(s) for SBOM
  • SBOM related information

Upcoming meetings

Meeting recordings and presentations (the newest at the top):

About our subgroup meetings

  1. We will use English as standard language from now on (since some of the potential participants are English speaking, and since the group are addressing a global issue).
  2. The presentations at our meetings will be recorded (and published at our web page), but the following discussions will NOT be recorded.

About Hans Thorsen Lamm: Experience of products, services and ideas from previous assignments at Ericsson, Saab, T2Data, AssaAbloy, Silicon Graphics etc.  Several patents related to information security.  My main contribution to this subgroup is a SBOM related tool, presented at FossDEM 2022.