I work on software security at MITRE, including serving as amember of the OmniBOR Working Group, where I lead development of the Rustimplementation, and as the project manager for Hipcheck, a tool forautomated supply chain risk assessment of software packages. Zola 2025-04-10T00:00:00+00:00 https://www.alilleybrinker.com/topics/software-id/atom.xml 2025-04-10T00:00:00+00:00 2025-04-10T00:00:00+00:00 Andrew Lilley Brinker https://www.alilleybrinker.com/mini/tracking-software-id-schemes/ <p>Part of my life is working on the problem of software identification. I’m on the Core Team for <a rel="external" href="https://omnibor.io/">OmniBOR</a>, a reproducible software identifier scheme, and my other work in software supply chain security and vulnerability management often bumps up against challenges with identifying software at differing levels of granularity, mapping vulnerabilities or SBOMs (Software Bills of Material) to specific software.</p> <p>It may surprise you to learn there are a lot of software identifier schemes. Some of them are general purpose and used across different ecosystems, while some are ecosystem or even tool- or API-specific.</p> <p>To help track those identifiers and link to their specifications, I’ve made a new <a rel="external" href="https://www.alilleybrinker.com/softwareids/">Software ID tracker</a>. It’s <a rel="external" href="https://github.com/alilleybrinker/softwareids">up on GitHub</a> and contributions are welcome!</p>