Merge pull request #9 from shiftleftcyber/jason

j28smith · web-flow · commit f30a0ef016df · 2025-08-26T10:52:11.000-04:00
Adding another blog post
diff --git a/marketing/content/blog/en_cra.md b/marketing/content/blog/en_cra.md
@@ -2,16 +2,7 @@
 author = ""
 title = "Understanding the EU Cyber Resilience Act: What It Means for SBOMs"
 date = "2024-12-10"
-description = ""
-tags = [
-    "markdown",
-    "css",
-    "html",
-]
-
 series = ["Standards"]
-aliases = [""]
-
 image = "img/thirdparty/EU.png"
 +++
 
diff --git a/marketing/content/blog/eo14028.md b/marketing/content/blog/eo14028.md
@@ -2,16 +2,7 @@
 author = ""
 title = "Understanding EO 14028: Enhancing the Nation’s Cybersecurity"
 date = "2024-12-09"
-description = ""
-tags = [
-    "markdown",
-    "css",
-    "html",
-]
-
 series = ["Standards"]
-aliases = [""]
-
 image = "img/thirdparty/US-WhiteHouse-Logo.svg.png"
 +++
 
diff --git a/marketing/content/blog/made_in_canada_in_groceries_and_in_software.md b/marketing/content/blog/made_in_canada_in_groceries_and_in_software.md
@@ -2,11 +2,6 @@
 author = "Jason Smith"
 title = "'Made in Canada' - in Groceries and in Software 🛒🍁💻"
 date = "2025-04-27"
-tags = [
-    "markdown",
-    "css",
-    "html",
-]
 linkedin = "https://www.linkedin.com/posts/j28smith_product-of-canada-vs-made-in-canada-activity-7315682416231096320-vusd"
 image = "img/thirdparty/made-in-vs-product-of-canada.png"
 youtube = "pApbYrNuAg4"
@@ -52,4 +47,4 @@ SBOMs are a great start to gain transparency. However, visibility alone isn’t
 
 Have you checked the ingredients in your software lately? Do you know where they came from?
 
-hashtag#SBOM hashtag#SoftwareSupplyChain hashtag#CyberSecurity hashtag#SoftwareTransparency hashtag#MadeInCanada hashtag#DigitalSupplyChain hashtag#SoftwareRisk hashtag#TrustButVerify hashtag#DigitalTrust hashtag#OpenSourceSecurity hashtag#SecureDevelopment hashtag#DevSecOps hashtag#SoftwareIntegrity hashtag#CanadianTech hashtag#TechMadeInCanada 🍁💻🔐
+#SBOM #SoftwareSupplyChain #CyberSecurity #SoftwareTransparency #MadeInCanada #DigitalSupplyChain #SoftwareRisk #TrustButVerify #DigitalTrust #OpenSourceSecurity #SecureDevelopment #DevSecOps #SoftwareIntegrity #CanadianTech #TechMadeInCanada 🍁💻🔐
diff --git a/marketing/content/blog/not_all_boms_are_created_equal.md b/marketing/content/blog/not_all_boms_are_created_equal.md
@@ -0,0 +1,38 @@
++++
+author = "Jason Smith"
+title = "Not all BOMs are created equal 👀"
+date = "2025-05-04"
+linkedin = "https://www.linkedin.com/posts/j28smith_sbom-cybersecurity-softwaredevelopment-activity-7318222884273823745-gKGJ"
+image = "img/thirdparty/bom-vs-sbom.jpeg"
++++
+
+In the physical world, a Bill of Materials (BOM) is straightforward:
+
+* 🔩 You list the parts
+* 🏭 You know the suppliers
+* 📋 You track inventory
+
+But a Software Bill of Materials (SBOM) is...different. And trickier.
+
+Modern software isn't built from physical parts. It is assembled from code created across the globe 🌍:
+
+* 🏫 Libraries
+* 📦 Packages
+* 🔗 Dependencies
+* 🔧 Build tools
+* ⛓️ Sometimes even unknown transitive dependencies (your dependencies' dependencies)!
+
+On top of that, SBOMs need to be:
+
+* 🤖 Machine-readable
+* 🛠️ Up-to-date with every build
+* 📝 Traceable to a version and source
+* 💼 Portable across systems and vendors
+
+This isn't a list you write once and forget. It is dynamic and it must evolve with your software development lifecycle. ♻️
+
+So yes, the concept of a BOM exists in both hardware and software...but SBOMs? They play a different game entirely. 🧠
+
+Have you ever tried creating or consuming an SBOM? What was the hardest part?
+
+#SBOM #CyberSecurity #SoftwareDevelopment #SupplyChainSecurity #DevSecOps #OpenSourceSecurity #SoftwareSupplyChain #SoftwareTransparency #DigitalTrust #SecureDevelopment #SoftwareIntegrity 🔐
diff --git a/marketing/content/blog/supply_chain_attacks.md b/marketing/content/blog/supply_chain_attacks.md
@@ -2,16 +2,6 @@
 author = "CC"
 title = "The Temptation of Software Supply Chain Attacks"
 date = "2025-01-12"
-description = ""
-tags = [
-    "markdown",
-    "css",
-    "html",
-]
-
-series = [""]
-aliases = [""]
-
 image = "img/thirdparty/supply_chain_attack.webp"
 +++
 
diff --git a/marketing/content/blog/what_is_an_sbom_and_why_should_you_care.md b/marketing/content/blog/what_is_an_sbom_and_why_should_you_care.md
@@ -2,13 +2,7 @@
 author = "Jason Smith"
 title = "What is an SBOM & Why Should You Care? 🤔💡"
 date = "2025-04-20"
-tags = [
-    "markdown",
-    "css",
-    "html",
-]
 linkedin = "https://www.linkedin.com/posts/j28smith_cybersecurity-sbom-softwaresecurity-activity-7313193464173629444-8KfY"
-
 image = "img/thirdparty/ingredient-list-sbom.jpeg"
 +++
 
diff --git a/marketing/data/features.json b/marketing/data/features.json
@@ -32,7 +32,7 @@
     },
     {
       "title": "Offline & Clean-Room Verification",
-      "description": "Perform signing and validation in air-gapped or highly regulated environments with full offline support.",
+      "description": "Perform signing and verification in air-gapped or highly regulated environments with full offline support.",
       "icon": "fas fa-lock",
       "link": "/securesbom"
     }
diff --git a/marketing/static/img/thirdparty/bom-vs-sbom.jpeg b/marketing/static/img/thirdparty/bom-vs-sbom.jpeg

Original file line number	Diff line number	Diff line change
`@@ -32,7 +32,7 @@`
`32`	`32`	`},`
`33`	`33`	`{`
`34`	`34`	`"title": "Offline & Clean-Room Verification",`
`35`		`- "description": "Perform signing and validation in air-gapped or highly regulated environments with full offline support.",`
	`35`	`+ "description": "Perform signing and verification in air-gapped or highly regulated environments with full offline support.",`
`36`	`36`	`"icon": "fas fa-lock",`
`37`	`37`	`"link": "/securesbom"`
`38`	`38`	`}`