From f6f2c3d69c9d3cecc9de4d48be2bae64a8624263 Mon Sep 17 00:00:00 2001 From: bpmcdevitt Date: Wed, 17 Aug 2022 21:55:22 -0500 Subject: [PATCH] updated sbom section --- notes/notes_from_blackhat_2022.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/notes/notes_from_blackhat_2022.md b/notes/notes_from_blackhat_2022.md index 48400cb..52d92a5 100644 --- a/notes/notes_from_blackhat_2022.md +++ b/notes/notes_from_blackhat_2022.md @@ -14,6 +14,9 @@ Some concepts in general that i noted: Concepts that I learned about: #### SBOM Software Bill of Materials. CISA has been pushing it for about a year or maybe a little bit more now. This is basically a list of an inventory of software, the version numbers, ecosystems, their dependencies. An entire trail of what is actually installed on this system. You can't secure something without knowing exactly what is inside of it. There are weird edge cases that have come up in the recent past IE log4j log4shell vulnerabilities that go a little bit deeper into what is required to determine vulnerability or not. +These two urls have all the goto: resources for deep-diving SBOM: +- [cisa](https://www.cisa.gov/sbom) +- [ntia](https://ntia.gov/SBOM) #### VEX Vulnerability exploitability exchange. This can be thought of as a machine-readable security advisory. There is alot of documentation about this one, and I need to learn about it further.
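Review bot: The first added line, `+These two urls have all the goto: resources for deep-diving SBOM:`, has a stray colon after "goto" and "urls" should be capitalised; suggest `+These two URLs are the go-to resources for deep-diving SBOM:`. The link texts `[cisa]` and `[ntia]` are terse for a notes file others will read; `[CISA SBOM page]` and `[NTIA SBOM page]` would say what each link is without changing the targets. Both links are plain references with no description of what each resource covers, so a short parenthetical per bullet (for example, which one holds the minimum-elements guidance the SBOM paragraph above alludes to) would make the list more useful than two bare hostnames.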