Steve Springett
@stevespringett.bsky.social
Father, husband, cybersecurity professional, lover of all things that go “vrooom”, and avid watch collector.

Creator of OWASP Dependency-Track. Chair of OWASP CycloneDX and Ecma TC54. OWASP Global Board of Directors.

https://about.me/stevespringett
Reposted by Steve Springett
🎉 Big news from the OWASP Nest Team! 🎉

We're thrilled to share that OWASP Nest has officially been promoted from the Incubator level to the Lab level!

www.linkedin.com/feed/update/...
October 11, 2025 at 4:57 PM
For those of you that despise Liquid Glass, there's a way to disable it on macOS Tahoe.

defaults write -g com.apple.SwiftUI.DisableSolarium -bool YES

This Reddit thread has more info: https://www.reddit.com/r/macapps/comments/1nz6tco/open_source_disable_liquid_glass_with_solidglass/
October 6, 2025 at 6:32 PM
Reposted by Steve Springett
Join us on Wed May 28, 2025 in Barcelona for a hands-on hackathon to test Beta 1 of the Transparency Exchange API (TEA) — a new way to securely exchange SBOMs, attestations & more.

Free registration, thanks to @owasp.org and Ecma International.

cyclonedx.org/events/hacka...

#CycloneDX #SBOM
Transparency Exchange API (TEA) Hackathon - Barcelona 2025 | CycloneDX
Join us in Barcelona to test and shape the Transparency Exchange API, the next evolution in secure supply chain communication.
cyclonedx.org
April 21, 2025 at 8:39 PM
Reposted by Steve Springett
“CVE Data Usage and Satisfaction Survey”

Ends today, April 4, 2025, at 11:59 PM ET!

CVE content consumers, & defenders, this is your opportunity to help enhance the CVE Program & its service offerings

Access the survey here:
forms.office.com/g/hx168RPctg
April 4, 2025 at 12:40 PM
Reposted by Steve Springett
Join our community meeting next Wednesday, 2nd April at 4-5PM UTC for a presentation from our friends at #Monzo Bank!

Learn how Monzo replaced a proprietary vulnerability scanner with @cyclonedx.bsky.social #SBOMs & Dependency-Track.

Calendar Invite: dub.sh/dtcalendar
Zoom Link: dub.sh/dtzoom
March 27, 2025 at 7:28 PM
Reposted by Steve Springett
Identifying software is hard!

I'll be on a panel with @stevespringett.bsky.social (OWASP), MegaZone (F5), and Christopher Turner (NIST) at VulnCon to talk about options for software identification in vulnerability management.

9:00 to 9:30 EDT, April 8th.

www.first.org/conference/v...
Program Overview / CVE Program & FIRST VulnCon 2025
www.first.org
March 10, 2025 at 7:29 PM
Honored to be discussing @cyclonedx.bsky.social and machine-readable attestations with Anchore this month. Join me! This is going to be fun and educational for anyone not familiar with CycloneDX Attestations (CDXA). This is an ideal solution for EO 14144 which requires machine-readable attestations.
🚨 New Webinar 🚨 The need for verifiable trust in #software components is critical. Learn to build on #SBOMs w/ CycloneDX attestation plus how to create cryptographically verifiable evidence of #security practices, #automate manual audit workflows & more. https://get.anchore.com/cyclonedxandsboms/
February 15, 2025 at 11:04 PM
@hacks4pancakes.com, you gave one of the best keynotes yesterday at ChiBrrCon that I’ve seen in a very long time. Bravo. Told my wife and a few co-workers about it and the utterly raw impact it had on many in the audience. Any chance of an encore or recording in the future? Best wishes.
February 15, 2025 at 12:16 AM
Reposted by Steve Springett
How to pass the OWASP MASVS verification by design?

In Admincontrol, our Android app and iOS app passed the @owasp.org MASVS verification by deciding security requirements and controls using a game. Here is how: https://dev.to/owasp/how-to-pass-the-owasp-masvs-verification-by-design-2cf9 #appsec
February 14, 2025 at 8:35 AM
The continued innovation happening in @cyclonedx.bsky.social is truly inspiring. This week, it's from the cdxgen team with "cdx1", a family of open-source, SOTA machine learning (ML) models purpose-built for xBOM analysis, validation, and reasoning.

www.linkedin.com/pulse/cdx1-u...

#OWASP #SBOM
cdx1 - Unlocking the Next Frontier in xBOM Analysis
If asked to name an incubator that has produced hundreds of projects and tens of highly valuable unicorns, one need only mention the OWASP Foundation. While many in the Western world erroneously assum...
www.linkedin.com
February 10, 2025 at 7:31 PM
I have been on Twitter since Feb 2009 and today, I have deactivated the account. While I am unable to make public political statements, it's not that hard to figure out. The projects that I lead or co-lead will continue to have a presence on the site, but I will not.
January 22, 2025 at 2:18 AM
Reposted by Steve Springett
📌 Excited to share my upcoming book, "Alice and Bob Learn Secure Coding," with you all! Learn from real-world examples, practical advice, and insightful anecdotes. Stay tuned for the release on Feb 5th! shehackspurple.ca/bo...
December 15, 2024 at 4:00 PM
Reposted by Steve Springett
At the first ever KoalaCon @owasp.org shared insights into how TEA (Transparency Exchange API) can help automate your product lifecycle. This will be essential to dependency management and vulnerability management in the future. And you can be part of it! #cybersec #appsec #dependency-management
KoalaCon 2024 was a huge success. Thank you to all the speakers, including Olle E Johansson, Anthony Harrison, Niklas Düster, Viktor Petersson, and Piotr P. Karwasz. Couldn't attend? No worries, the recording is available on YouTube.

youtu.be/NStzYW4WnEE?...

#OWASP #SBOM #SoftwareTransparency
OWASP KoalaCon 2024
YouTube video by OWASP CycloneDX
youtu.be
December 10, 2024 at 6:08 AM
KoalaCon 2024 was a huge success. Thank you to all the speakers, including Olle E Johansson, Anthony Harrison, Niklas Düster, Viktor Petersson, and Piotr P. Karwasz. Couldn't attend? No worries, the recording is available on YouTube.

youtu.be/NStzYW4WnEE?...

#OWASP #SBOM #SoftwareTransparency
OWASP KoalaCon 2024
YouTube video by OWASP CycloneDX
youtu.be
December 2, 2024 at 11:29 PM
Reposted by Steve Springett
Black Friday, a day to be exposed to surprising reset password flows. Password in email, repeatedly the same verification token, etc.

OWASP has a great Forgot Password Cheat Sheet if you ever find yourself implementing a forgot password service: cheatsheetseries.owasp.org/cheatsheets/...
Forgot Password - OWASP Cheat Sheet Series
Website with the collection of all the cheat sheets of the project.
cheatsheetseries.owasp.org
November 29, 2024 at 9:39 PM
Reposted by Steve Springett
🎉 Don't miss out on this thrilling opportunity! Get your SUPER Early Bird Tickets for 2025 #OWASP Global #AppSec EU in Barcelona now! Book your spot at a special discounted rate for the May conference. Hurry, these prices are only for a limited time!!! REGISTER TODAY: owasp.glueup.com/eve...

#AI
November 26, 2024 at 7:29 PM
Some of the projects I'm involved with have established bsky accounts recently. Check out:

OWASP CycloneDX (ECMA-424)
@cyclonedx.bsky.social

OWASP Dependency-Track
@dependencytrack.bsky.social

Ecma Technical Committee 54
@tc54.bsky.social
November 20, 2024 at 9:42 PM
Reposted by Steve Springett
Can't wait to merge the new #SBOM stuff into the EMBA master ... now with dependencies and much more included
November 6, 2024 at 6:39 PM
Reposted by Steve Springett
If your company creates software that manages Software Bill of Materials data - SBOMs - then you want to take part in the standardisation of an ECMA standard API for exchanging software transparency artefacts. Join us on November 25th! http://teaintro.even... #SPDX #SBOM #INTOTO #CYCLONEDX #OWASP
November 18, 2024 at 5:30 PM
Congrats to the winners of this year's election.
The 2024 OWASP Global Board of Directors' Election results are here!

Check them out at:
owasp.org/www-board/...

A big thank you to all the candidates for their support to the Foundation.
November 2, 2024 at 3:21 PM
Ecma TC54 will be working towards standardizing Package URL, specifically purl, vers, and purl types. TC54 will be working out the details over the next few weeks. We invite everyone to learn more about TC54 and contribute to the advancement of Package URL.

tc54.org

#PackageURL #SBOM #OWASP
February 22, 2024 at 11:36 PM