During 2024 two relevant steps have been taken that will enable the inclusion of cryptographic algorithms in SBOM in the near future. On one side, SCANOSS has published as open data (CC0) the cryptographic algorithms detected across the internet, included in the product knowledge, together with a very simple mechanism to detect them in any software composition. In addition, SPDX has taken the decision to create a cryptographic algorithms list following the work done on the SPDX License List.

The talk will provide an overview of why including crypto algorithms in SBOMs is relevant in a variety of use cases for different industries. It will describe the work done by SCANOSS during 2024 in this field, including how the open data set published with crypto algorithms information is evolving, now the SPDX Crypto Algorithms List is defined as upstream, as well as recent improvements in the detection mechanisms. Measures to promote contributions to it will be announced during the talk.

The speaker will then ask the audience about how to improve the data set, so it becomes useful to an increasing number of use cases, so more organizations and upstream projects include cryptographic algorithms in SBOMs. The talk will end by providing the opportunity to the audience to point to other developments that should be considered in this field, and how and where we can create the corresponding forum to coordinate further actions during 2025.

Crypto_algorithms_open_dataset: https://github.com/scanoss/crypto_algorithms_open_dataset