Invitation to join plugfest to showcase OCA projects and concepts.


I would like to call members attention to the virtual OpenC2 SBOM PoC/Plugfest/Hackathon that is open to all and I feel would be a good opportunity to advance the mission of the OCA. The  SBOM (Software Bill of Materials) PoC (Proof of Concept) vision is at The purpose is to show the value of automated cyber defense which is best shown using usecases across many concepts involving all aspects of the security infrastructure.


Although the work originated with OpenC2 and SBOM, some usecases already in progress (more welcome) involve SCAPv2 prototyping and OpenC2-over-OpenDxl interworking as well as many aspects of OpenDxl-ontology. I would hope stix-shifter could also be used for a trifecta of OCA projects.


Google has provided $60k of GCP credits in support of OpenC2. Participate in the plugfest and learn how to take advantage of this.

For more info on OpenC2, see

For more info on SBOM, see

For examples of the SCAPv2 prototyping as part of the PoC, see, and

For an example of OpenC2-over-OpenDxl interworking see

For an example of where stix-shift may fit in, see “analyze vulnerability/license” in


Summer is drawing to a close and the plugfest is kicking into a higher gear. Work has started and will culminate in an all-day meetup on Oct-28th. For more information on how to participate, see

Please consider participating.



Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at