Executive Summary
The 12th project call focused on the transition from Phase 1 to Phase 2 of the roadmap, emphasizing the finalization of nine distinct work streams and the expansion of the leadership team. The project has reached its initial $50k sponsorship goal and is now prioritizing industry adoption and academic collaboration.
Introduction of New Members
Several new members introduced themselves and their backgrounds:
- Candy: A cybersecurity veteran with 35+ years of experience, currently focused on advisory work in cyber and AI.
- Casper: Based in Helsinki, Finland, with a background in software development and information security.
- Kiran Kumar Beta: Cybersecurity leader at Schneider Electric India, focusing on AI use cases, risk assessment, and internal AI BOM white papers.
Project Roadmap and Progress
The project is transitioning from Phase 1 to Phase 2.
- Phase 1 (Completed): Established a “minimum viable community,” including the website, Slack workspace, initial tooling lists, and presence at events like OWASP AppSec India.
- Phase 2 (Current): Focuses on finalizing work streams, establishing an engagement strategy for academia and other organizations, and strengthening the sponsorship pipeline.
- Phase 3 & 4 (Future): Planned to begin around June, focusing on industry adoption, operationalization, and global amplification.
Leadership Updates
UV (Yuvaraj) was officially announced as the Co-Lead for the OWASP AI BOM project, joining Arunesh in leading the initiative.
Sponsorship and Alliances
- New Sponsors: Manifest Cyber and a Portugal-based company have joined as sponsors.
- Pipeline: The project has met its half-year goal of $50k and expects to reach $80k for the year.
- Academic Outreach: Discussions are underway with three universities in the DC metro area to engage with research-side experts.
- Call for Sponsors: Vendors or service companies in the AI security/SBOM space are encouraged to explore Gold ($20k) and Silver ($10k) sponsorship levels.
Work Stream Updates
The project now has nine distinct work streams. Key highlights include:
- Foundations: Developing AI BOM 101, including sections on agentic design.
- Content: Martin (OWASP LA) has volunteered to lead the content strategy and website management.
- Interoperability: Victor and Karen (SPDX AI Lead) discussed the importance of taxonomy and ensuring AI BOM data is interoperable with other standards like SPDX, MITRE, and ISO.
Tools and Standards
The project is consolidating AI BOM tools and standards into a single format. Members are encouraged to contribute information regarding proprietary or open-source tools to create a “ready reckoner” for practitioners.
Action Items
- Member Onboarding: Interested members should message leads on Slack to be added to specific work stream channels (e.g., Requirements, Content, Foundations).
- Feedback: Provide project or website feedback via the Google form.
- Content: Volunteers are needed for writing blogs and providing technical guidance.
- Sponsorship: Arunesh to share a message template for members to use when reaching out to potential sponsors.




