Working group Secure supply chains/Open Source


About the group

Innovation depends on openness and cooperation, therefore the focus on open source in supply chains. Vulnerabilities such as Log4J and the escalation of cyber-attacks have sparked initiatives in both the US and Europe to improve security. The group will share knowledge and also analyze supply chain related topics on a global scale such as the EU Cyber Resilience Act (CRA) and OpenSSF. 

Ongoing work

The has been published by a member in Cybernode as open source. The resolver is an innovative solution that backtracks a software supply chain for the Alpine ecosystem. The is a forum for Swedish authorities for sharing data and knowledge about open source. In addition to complete rebuild in isolation, the resolver is also capable of distributing revenues generated by providing compliance evidence. The goal is to have continuous and granular funding of open source projects in the software supply chain.

Security category for the group: not yet decided.

Language: English and Swedish (when possible). 

Group leader: Hans Thorsen Lamm


Participating companies/organizations:  Lamm Consulting, Edvina AB, RISE, Linköping university, Redigo. 

If you are interested in participating in the group, contact Hans Thorsen Lamm or Cybernode coordinator Martin Bergling.

This web page will be continuously updated with:

  • Meeting presentations
  • Meeting recordings
  • Reference project(s) for SBOM
  • SBOM related information

Meeting recordings and presentations (the newest at the top):

About our meetings:

  1. We will use English as standard language from now on (since some of the potential participants are English speaking, and since the group are addressing a global issue).
  2. The presentations at our meetings will be recorded (and published at our web page), but the following discussions will NOT be recorded.

About Hans Thorsen Lamm: Experience of products, services and ideas from previos assignments at Ericsson, Saab, T2Data, Assa Abloy, Silicon Graphics etc.  Several patents related to information security.  My contribution to this group is a SBOM related tool, presented at FossDEM 2022.