Christian Badertscher, Ran Canetti, et al.
TCC 2020
Migration strategies to quantum-safe cryptography often emphasize the need to establish an inventory of cryptographic assets in order to prioritize the migration. However, a standard way to describe cryptography is missing to date, which poses a challenge when inventory information is to be exchanged or used systematically. To address this issue, we present our efforts in OWASP CycloneDX to standardize the Cryptography Bill of Materials (CBOM), a standard format to describe cryptographic assets and their dependencies. The CBOM standard is planned to be included in the upcoming release of CycloneDX and will enable SBOM-related tooling to inventory cryptography with CBOM. We will walk through the use cases addressed by CBOM, discuss some challenges, and demonstrate how to use it to describe different scenarios such as:
Jonathan Bootle, Vadim Lyubashevsky, et al.
ESORICS 2021
Ehud Aharoni, Nir Drucker, et al.
CSCML 2023
Matilda Backendal, Hannah Davis, et al.
CRYPTO 2024