Software Bill Of Materials (SBOM)

BSI IT-Grundschutz 2023 sections covered by this page

• APP.6

DANGER

This sections needs further adjustment to App Suite 8 deployment models.

We are providing SBOM resources for OX App Suite 8 container images and the included application to allow comprehensive assessment and validation of third-party risk. Open-Xchange believes that transparency and openness regarding security concerns is fundamental to creating a safe environment. Operators of OX App Suite 8 can use this information to automate their asset management, risk register and better understand their level of exposure to vulnerable components.

Our SBOMs not only provide information about components that make up the container images, but also cover third-party open-source libraries that were included when creating OX App Suite components. Monitoring SBOMs against known vulnerabilities allows for fast identification of emerging threats and potential mitigations.

Open-Xchange continuously monitors and validates third-party risks at its products and will proactively provide updates based on the expected risk and relevance to deployments. Usually, there is no need to request such updates, but please don't hesitate to use our security contact channels if you'd like to hint a potential oversight or have questions on specific findings.

Distribution

tbd

Validation

tbd