Merge pull request #18 from shiftleftcyber/feat/addSecureSbomVSSigstore

Some more updates after a review

Author: j28smith

marketing/content/about.md

@@ -19,7 +19,7 @@ At **ShiftLeftCyber**, we empower organizations to:
   Embedded directly into your CI/CD pipelines, using industry-standard formats like **CycloneDX** and **SPDX**—allowing a comprehensive, accurate software component inventory.
 
 - **Sign and verify SBOMs**  
-  Ensure both authenticity and integrity of your SBOMs through signing and verification using tools such as **Cosign** and the **JSON Signature Format (JSF)**. 
+  Ensure both authenticity and integrity of your SBOMs through signing and verification.
 
 - **Analyze and remediate vulnerabilities**  
   Leverage SBOMs to pinpoint and manage software supply chain risks—enhancing vulnerability detection, response, and remediation workflows.

marketing/content/securesbom_vs_sigstore.md

@@ -1,76 +1,78 @@
 ---
 title: "SecureSBOM vs Sigstore"
 description: "A side-by-side comparison between SecureSBOM and Sigstore across key criteria such as use cases, SBOM support, key management, and authentication."
-date: 2025-10-20
+date: 2025-10-21
 draft: false
 ---
 
-A detailed comparison of **SecureSBOM** and **Sigstore**, two solutions addressing software supply chain integrity through signing and verification technologies.  
-While **Sigstore** focuses primarily on open-source projects and OCI artifacts, **SecureSBOM** is built for enterprise-grade SBOM signing, verification, and compliance.
+A detailed comparison of **SecureSBOM** and **Sigstore**, two solutions advancing software supply chain security through SBOM signing and verification technologies.
+
+While **Sigstore** focuses primarily on open-source projects and OCI artifacts, **SecureSBOM** is purpose-built for enterprise-grade SBOM signing, verification, and compliance.
 
 ---
 
 ## 🧩 Primary Use Case
 
 | Tool | Description |
 |------|--------------|
-| **SecureSBOM** | Business / Enterprise Software, purpose-built for SBOM signing and verification. |
-| **Sigstore** | Open Source Software, OCI-Focused (SBOMs attached as a container artifact). |
+| **SecureSBOM** | Purpose-built for enterprise and business software, focused on SBOM signing and verification. |
+| **Sigstore** | Designed for open-source software with an OCI-centric approach (SBOMs attached as container artifacts). |
 
 ---
 
 ## 📘 SBOM Support
 
 | Tool | Description |
 |------|--------------|
-| **SecureSBOM** | Integrates directly with the **CycloneDX SBOM format** — supports **embedded signatures**, **property exclusion**, and also supports **SPDX detached signatures**. |
-| **Sigstore** | Treats all SBOMs as simple blobs. Supports **detached signatures only** for both SPDX and CycloneDX. |
+| **SecureSBOM** | Native integration with the CycloneDX format (supports embedded signatures, property exclusion, canonicalization), and SPDX detached signatures. |
+| **Sigstore** | Treats SBOMs as binary blobs; supports only detached signatures for both SPDX and CycloneDX. |
 
 ---
 
 ## 🔐 Key Management
 
 | Tool | Description |
 |------|--------------|
-| **SecureSBOM** | **Automated** key lifecycle management using **HSMs**. Ideal for enterprise compliance and long-term trust. |
-| **Sigstore** | Ephemeral, short-lived keys/certificates from **Fulcio** with **OIDC authentication** — or manual key management (local or via cloud providers like GCP/AWS). |
+| **SecureSBOM** | Automated key lifecycle management with HSM-backed protection; ideal for enterprise compliance and long-term trust. |
+| **Sigstore** | Uses ephemeral, short-lived keys and certificates issued by Fulcio with OIDC authentication, or manual key management (local or via GCP/AWS). |
 
 ---
 
 ## 🪪 Authentication
 
 | Tool | Description |
 |------|--------------|
-| **SecureSBOM** | Authenticated via **API Key**, enabling fine-grained access control and multi-tenant isolation. |
-| **Sigstore** | OIDC (for keyless signing) or external, self-managed authentication mechanisms. |
+| **SecureSBOM** | API key–based authentication supporting fine-grained access control and multi-tenant isolation. |
+| **Sigstore** | OIDC-based authentication for keyless signing, or external self-managed authentication mechanisms. |
 
 ---
 
 ## 🔍 Transparency
 
 | Tool | Description |
 |------|--------------|
-| **SecureSBOM** | **Private Record** system — verification performed using the **associated public key**, keeping enterprise signing activity confidential. |
-| **Sigstore** | Public record via public transparency logs. Verification relies on public keys and the public transparency logs. |
+| **SecureSBOM** | Maintains a private verification record. Verification is performed using the associated public key, keeping enterprise signing activity confidential. |
+| **Sigstore** | Uses public transparency logs for verification, relying on public keys and records visible to all. |
 
 ---
 
 ## 🧠 Summary
 
-- **SecureSBOM** focuses on enterprise adoption, providing stronger SBOM format integration, private key isolation, HSM-backed signing, and internal verification capabilities.
-- **Sigstore** simplifies signing for open-source projects and CI/CD pipelines relying on OIDC identity proof and public transparency.
+- **SecureSBOM** is optimized for enterprise environments, providing deeper SBOM format integration, private key isolation, HSM-backed signing, and internal verification capabilities..
+- **Sigstore** streamlines signing for open-source ecosystems and CI/CD workflows through OIDC identity proofing and public transparency.
 
 ---
 
 ### ✅ Ideal Fit
 
-| Use Case | Recommended Solution |
+| Recommended Solution | Use Case |
 |-----------|----------------------|
-| Enterprise Software & Closed Source/Private Projects | **SecureSBOM** |
-| Open Source Projects | **Sigstore** |
+| **SecureSBOM** | Enterprise software, closed-source, or private projects. |
+| **Sigstore** | Open-source projects and community-based CI/CD integrations. |
 
 ---
 
 Want to learn more?  
-- [SecureSBOM Overview](/securesbom)  
+
+- [SecureSBOM Overview](/securesbom)
 - [Sigstore Project](https://sigstore.dev)

marketing/hugo.toml

@@ -62,7 +62,7 @@ googleAnalytics = "G-CR0HB4HF2K"
     weight = 1
 
   [[menu.main]]
-    identifier = "securesbom_vs_cosign"
+    identifier = "securesbom_vs_sigstore"
     name = "SecureSBOM vs Sigstore"
     url = "/securesbom_vs_sigstore/"
     weight = 2