OWASP® Foundation

We’re thrilled to announce the release of CycloneDX v1.7, bringing enhanced transparency, trust and governance to software supply chains everywhere. With this release, the community takes a big leap forward in three key areas: Cryptographic Assurance (CBOM) — v1.7 introduces a standardized list of cryptographic algorithm families and a full list of elliptic curves, giving teams the visibility needed for audits, compliance and PQC (post-quantum readiness). Data Provenance & Citations — Now you can formally trace where BOM data came from, who enriched it, and how it was transformed. This means better auditability and clearer chain of custody. Intellectual Property Transparency — For the first time, BOMs can express not only “what” components are in use, but also “which” patents and patent families apply, bridging legal, business, and technical considerations. What this means for you: - Greater insight and control over your software supply chain risks - Better alignment of BOMs with legal/regulatory requirements - A stronger foundation for the future — v1.7 sets the stage for v2.0 and the next wave of API-first transparency Alongside the release, we’re publishing three new guides: - Authoritative Guide to SBOM, 3rd Edition - Authoritative Guide to CBOM, 2nd Edition - Authoritative Guide to MBOM, 1st Edition A huge thank you to all our working groups, our contributors, and the community for making this milestone possible. Full press release here: https://lnkd.in/guvcXMSk #OWASP #SBOM #CBOM #MBOM #SoftwareSupplyChain #SoftwareTransparency #Ecma #TC54

Have you cast your vote yet? Join in the 2025 OWASP Global Board of Directors' election voting until October 30th. Be a part of supporting outstanding community members. Your vote counts! https://lnkd.in/gFcgeDgW Check your email for your ballot and vote today.

Have you cast your vote yet? Join in the 2025 OWASP Global Board of Directors' election voting until October 30th. Be a part of supporting outstanding community members. Your vote counts! https://lnkd.in/gFcgeDgW Check your email for your ballot and vote today.

🚨 Are you registered for OWASP Global AppSec US 2025? https://lnkd.in/eAVqQDPC 📅 November 3–7, 2025 | Washington, D.C. 💻 Training: Nov 3–5 | Conference: Nov 6–7 Join hundreds of security leaders, researchers, and practitioners for 5 days of hands-on training, expert-led sessions, and networking designed to sharpen your application security skills. 🐾 New this year: Take a break in the Impart Security Puppy Room on Thursday, Nov 6! Recharge with some tail wags and puppy cuddles between sessions. #OWASP #AppSec #Cybersecurity #Infosec #WashingtonDC #ApplicationSecurity

🥳 Congratulations Richard O, you’re the lucky winner of the ticket to attend the OWASP® Foundation' s Global AppSec USA conference! 🎟️ Alternate winners, in case the primary winner cannot attend: Karnika Kuruba, Syeda Ayesha Hamzavi, Nicole Schwartz. All winners must get in touch in the next 72 hr using our contact form to claim your spot! ➡️ https://lnkd.in/gthVrCxS Thanks everyone for participating, and stay tuned for our next giveaway! 🚀 #Giveaway #Raffle #AppSec #InfoSec #CyberSecurity #OWASP #WashingtonDC #CyberCommunity

🚨 OWASP Virtual Chapter Nov 19 @ 12:00 PM ET AI agents are helping…and occasionally harming. Join Dan Glass for: Agentic Misalignment: When AI Agents Become Insider Threats You’ll learn real-world failure modes, risk signals, and practical controls to keep autonomous AI from acting like an insider. ✅ Free + virtual • 📅 Tue, Nov 19 • 🕛 12:00–1:00 PM ET 🔗 Register: https://lnkd.in/e8EjBXpY #OWASP #AppSec #AI #AgenticAI #InsiderThreats #Security #BlueTeam #CISO Jerry Hoff

🌟 Calling all trainers! Share your expertise at the 2026 #OWASP Global #AppSec EU. Don't miss the chance to be part of our vibrant community. Submit your proposal now: https://lnkd.in/eUXte2Hy #cybersecurity#SDLC #threatmodeling #devsecops #AI #infosec

🚨 Register now for OWASP Global AppSec US 2025 in Washington, D.C. coming up next month! https://lnkd.in/eAVqQDPC Thursday, November 6th, will feature an address from keynote speaker: Daniel Miessler! Network with peers, explore the exhibitor hall, join the vendor passport raffle, and fuel your passion for security with hundreds of professionals who live and breathe AppSec. #OWASP #AppSec #Cybersecurity #Infosec #WashingtonDC #ApplicationSecurity #GlobalAppSec

Ever wonder how to make things look natural when they’re anything but? Dive into Adam Shostack’s article ‘Making Look Natural’ as he prepares to deliver the inaugural run of his Threat Modeling Intensive with AI 3-day training as part of OWASP Global AppSec US 2025. Link to article: https://lnkd.in/gvnD4jVg Ready to sign up? There are a few seats left! Snag yours today. https://lnkd.in/gU-_TrYQ