Merge pull request #11 from shiftleftcyber/jason

j28smith · web-flow · commit 7e6554c26acf · 2025-09-03T21:35:48.000-04:00
Adding another blog post, removing broken links
diff --git a/marketing/content/blog/sbom_creators_and_consumers.md b/marketing/content/blog/sbom_creators_and_consumers.md
@@ -0,0 +1,43 @@
++++
+author = "Jason Smith"
+title = "𝗪𝗵𝗼 𝗮𝗰𝘁𝘂𝗮𝗹𝗹𝘆 𝗯𝘂𝗶𝗹𝗱𝘀 𝗦𝗕𝗢𝗠𝘀? 𝗔𝗻𝗱 𝘄𝗵𝗼 𝗻𝗲𝗲𝗱𝘀 𝘁𝗵𝗲𝗺? 🤔🔍"
+date = "2025-05-18"
+linkedin = "https://www.linkedin.com/posts/j28smith_sbom-supplychainsecurity-cybersecurity-activity-7323408174688980993-TPze"
+image = "img/thirdparty/sbom-creators-and-consumers.png"
++++
+
+SBOMs are a critical tool for understanding your software supply chain. But not everyone touches an SBOM the same way.
+
+There are 𝗰𝗿𝗲𝗮𝘁𝗼𝗿𝘀 and there are 𝗰𝗼𝗻𝘀𝘂𝗺𝗲𝗿𝘀. Sometimes they're the same person, but often they're not.
+
+👩🏻‍💻 𝗖𝗿𝗲𝗮𝘁𝗼𝗿𝘀
+These folks generate SBOMs as part of the software build or packaging process:
+ 💻 Development teams
+ ⚙️ CI/CD pipelines
+ 📦 Software vendors
+ 🛠️ Tooling platforms
+
+🎯 Their job: Ensure SBOMs are accurate, complete and reflect the actual software build artifacts.
+
+🙋🏻‍♂️ 𝗖𝗼𝗻𝘀𝘂𝗺𝗲𝗿𝘀
+These folks use SBOMs to evaluate, verify, or monitor software:
+ 🛡️ Security analysts
+ 📦 Software integrators
+ ⚖️ Compliance teams
+ 🕵🏻‍♀️ QA / SRE engineers
+ 👔 Customers (especially enterprise/government)
+
+🎯 Their job: Use SBOMs to assess risk, validate trust, and meet policy and/or regulatory requirements.
+
+🤓 𝗛𝗲𝗿𝗲’𝘀 𝘄𝗵𝗲𝗿𝗲 𝗶𝘁 𝗴𝗲𝘁𝘀 𝗶𝗻𝘁𝗲𝗿𝗲𝘀𝘁𝗶𝗻𝗴...
+
+If you're a 𝗰𝗿𝗲𝗮𝘁𝗼𝗿, you're responsible for 𝘁𝗿𝘂𝘁𝗵.
+If you're a 𝗰𝗼𝗻𝘀𝘂𝗺𝗲𝗿, you're responsible for 𝘁𝗿𝘂𝘀𝘁.
+
+This is why signing SBOMs and supporting cryptographic digital verification is critical. Without that, you might be consuming... misinformation? 🤷‍♂️
+
+SBOMs aren't just build-time artifacts. They are communication tools across the software lifecycle. 💻🔄
+
+Are you generating SBOMs today? Or consuming them from vendors? Do you know if they are trustworthy? 🤔
+
+#SBOM #SupplyChainSecurity #CyberSecurity #SecureSoftware #OpenSourceSecurity #DevSecOps #DigitalTrust #SoftwareIntegrity #Compliance #SoftwareSupplyChain #BuildSecurityIn
diff --git a/marketing/content/securesbom.md b/marketing/content/securesbom.md
@@ -115,9 +115,3 @@ Discuss enterprise features and custom solutions
 ---
 
 **Questions?** Our security experts are here to help. [Contact our team](/contactus/) to learn how SecureSBOM can transform your software supply chain security.
-
-### Related Resources
-- 📘 [SBOM Signing Best Practices](/blog/sbom-signing-best-practices/) 
-- 🔍 [Supply Chain Security Guide](/blog/supply-chain-security-guide/)
-- ⚖️ [EO 14028 Compliance Checklist](/blog/eo-14028-compliance/)
-- 🛠️ [CI/CD Integration Examples](/blog/cicd-sbom-integration/)
diff --git a/marketing/static/img/thirdparty/sbom-creators-and-consumers.png b/marketing/static/img/thirdparty/sbom-creators-and-consumers.png
