Software supply chains would benefit from standardizing the declaration of cryptographic algorithms. Incorporating these algorithms into SBOMs is crucial for developing open, shared and transparent management processes in areas like export control or security compliance and auditing to declare, publish, distribute, etc. information about crypto algorithms present in any software composition within complex supply chains.

Creating, maintaining, and publishing a curated list of cryptographic algorithms is a required infrastructure step, and the SPDX project has committed to perform these tasks, under an open participation process.

During the talk, Julián and Agustin will describe the current state of SPDX's crypto algorithms list and its expected impact, together with future plans.

List: https://github.com/spdx/crypto-algorithms

Finally, both speakers will trigger a discussion around an open collaboration within OpenChain to foster a robust open-source tooling ecosystem for detecting cryptographic algorithms as well as to define those key management processes within complex supply chains.