
Sarah Gooding
January 31, 2025
We're excited to share that Socket has officially joined TC54! This marks an important step in our commitment to improving software supply chain security, and we’re looking forward to contributing to the evolution of key technologies like Software Bill of Materials (SBOMs), CycloneDX, and Package URLs (PURL).
TC54 is a technical committee dedicated to standardizing core data formats, APIs, and algorithms that advance software and system transparency. It oversees key specifications such as PURL, a format for identifying software packages across ecosystems, and is chartered to oversee the OWASP CycloneDX Bill of Materials (SBOM) specification and to develop new standards that enhance transparency and identity across the supply chain.
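To make the "identifying software packages across ecosystems" point concrete, the following is an added Python example (not Socket's, TC54's, or the reference packageurl library's code) that parses and canonicalizes Package URLs of the form `pkg:type/namespace/name@version?qualifiers#subpath`, applies a subset of the spec's per-type name normalization, and shows why normalization matters when matching an SBOM component against an advisory. The sample PURLs and the `same_package` helper are constructed for illustration.

```python
"""Minimal PURL parser/canonicalizer (added example; subset of the spec)."""
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import quote, unquote


@dataclass(frozen=True)
class PackageURL:
    type: str
    namespace: Optional[str]
    name: str
    version: Optional[str]
    qualifiers: dict = field(default_factory=dict)
    subpath: Optional[str] = None


def _normalize(ptype: str, namespace: Optional[str], name: str):
    # Per-type rules (subset of the PURL spec): some ecosystems are
    # case-insensitive, and PyPI also folds '_' to '-'. Without this,
    # 'Django_Rest_Framework' and 'django-rest-framework' look like
    # two different components to a vulnerability matcher.
    if ptype in ("github", "bitbucket"):
        namespace = namespace.lower() if namespace else namespace
        name = name.lower()
    elif ptype == "npm":
        name = name.lower()
    elif ptype == "pypi":
        name = name.lower().replace("_", "-")
    return namespace, name


def parse_purl(purl: str) -> PackageURL:
    if not purl.startswith("pkg:"):
        raise ValueError("a purl must start with the 'pkg:' scheme")
    rest = purl[len("pkg:"):].strip("/")

    subpath = None
    if "#" in rest:
        rest, frag = rest.split("#", 1)
        # Drop empty, '.' and '..' segments so a subpath cannot point outside the package.
        segs = [unquote(s) for s in frag.split("/") if s not in ("", ".", "..")]
        subpath = "/".join(segs) or None

    qualifiers = {}
    if "?" in rest:
        rest, query = rest.split("?", 1)
        for pair in query.split("&"):
            key, _, value = pair.partition("=")
            if key and value:
                qualifiers[key.lower()] = unquote(value)

    parts = [p for p in rest.split("/") if p]
    if len(parts) < 2:
        raise ValueError("a purl needs at least a type and a name")
    ptype = parts[0].lower()

    # The version separator '@' only counts in the last segment, so an
    # unencoded npm scope such as '@example' in the namespace is not mistaken for it.
    last = parts[-1]
    version = None
    if "@" in last:
        last, version = last.split("@", 1)
        version = unquote(version) or None
    name = unquote(last)
    namespace = "/".join(unquote(p) for p in parts[1:-1]) or None
    namespace, name = _normalize(ptype, namespace, name)
    return PackageURL(ptype, namespace, name, version, qualifiers, subpath)


def to_purl(p: PackageURL) -> str:
    """Rebuild the canonical string form (':' is left unencoded, as the spec allows)."""
    out = "pkg:" + p.type
    if p.namespace:
        out += "/" + "/".join(quote(s, safe=":") for s in p.namespace.split("/"))
    out += "/" + quote(p.name, safe=":")
    if p.version:
        out += "@" + quote(p.version, safe=":")
    if p.qualifiers:
        out += "?" + "&".join(f"{k}={quote(v, safe=':/')}" for k, v in sorted(p.qualifiers.items()))
    if p.subpath:
        out += "#" + "/".join(quote(s, safe=":") for s in p.subpath.split("/"))
    return out


def same_package(a: str, b: str) -> bool:
    """True when two purls name the same package version after normalization.
    Qualifiers and subpath are ignored (hypothetical helper for SBOM-to-advisory matching)."""
    pa, pb = parse_purl(a), parse_purl(b)
    return (pa.type, pa.namespace, pa.name, pa.version) == (pb.type, pb.namespace, pb.name, pb.version)


if __name__ == "__main__":
    # Constructed sample identifiers, one per ecosystem.
    for s in ("pkg:maven/org.example/widget@1.2.3?type=jar",
              "pkg:npm/%40example/core@12.3.1",
              "pkg:pypi/Django_Rest_Framework@3.14.0"):
        print(s, "->", parse_purl(s), "->", to_purl(parse_purl(s)))
```

The matching helper ignores qualifiers on purpose: an SBOM entry often carries `?source=lockfile` or `?type=jar` while an advisory names the bare package, and a matcher that compares raw strings would miss the hit.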
TC54 was established in December 2023 as a joint initiative between Ecma International and the OWASP Foundation, both of which have long been committed to open industry standards. These organizations have driven a series of advancements in software transparency, beginning with the introduction of CycloneDX v1.0 in 2018.
Over the years, CycloneDX has evolved significantly, incorporating features like component lineage tracking, vulnerability disclosure, AI transparency, and post-quantum cryptographic readiness. In June 2024, CycloneDX v1.6 was ratified as an Ecma international standard and published as ECMA-424.
At Socket, we believe in securing the open source ecosystem at its core, and that starts with improving visibility and standardization around software dependencies. By participating in TC54, we have an opportunity to collaborate with industry leaders and help refine these crucial standards to make them more robust, flexible, and developer-friendly.
“As a supply chain security company, it's important for us to be involved in the open source and standards process,” Socket engineer and TC54 contributor John-David Dalton said. “We are part of the community as well as the ecosystem we protect.”
While our involvement is just beginning, our team is already actively contributing to TC54’s initiatives:
Our participation in TC54 is just getting started, but we’re eager to contribute, learn, and collaborate. By working on standards like PURL and CycloneDX, we aim to make software supply chain security more effective and accessible for everyone.
“The future of software security depends on strong, open, community-driven standards,” Socket CEO Feross Aboukhadijeh said. “Through TC54, we're collaborating with industry leaders to build that future and protect developers worldwide."
We’ll be sharing updates as we make progress—stay tuned for more!