Jamie Clark<p><a href="https://infosec.exchange/tags/OASIS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OASIS</span></a> has launched an open software supply chain info modeling (<a href="https://infosec.exchange/tags/OSIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OSIM</span></a>) TC , which aims to standardize and promote open <a href="https://infosec.exchange/tags/informationmodels" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>informationmodels</span></a> for software provenance and <a href="https://infosec.exchange/tags/supplychain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supplychain</span></a> <a href="https://infosec.exchange/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a>. How do <a href="https://infosec.exchange/tags/SBOM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SBOM</span></a>, VEX, CSAF, <a href="https://infosec.exchange/tags/CycloneDX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CycloneDX</span></a>, and all that fit together? Come see. Checkmarx, Cisco, Cyware, Google, IBM, LegitSecurity, Microsoft, Root, SAP, CISA, and US NSA are already in.<br><a href="https://www.oasis-open.org/2024/06/20/oasis-launches-osim/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">oasis-open.org/2024/06/20/oasi</span><span class="invisible">s-launches-osim/</span></a></p>