Talk Intermediate

Demystifying SBOMs: A Deep Dive into Software Bill of Materials for FOSS Management

Approved
Session Description

This talk aims to provide a comprehensive overview of Software Bill of Materials (SBOMs) within the Free and Open Source Software (FOSS) domain. It will trace the evolution of SBOMs and highlight their growing importance in security and artifact management. Key topics to be covered include:

  1. Introduction: SBOMs and their benefits.
  2. Evolution of SBOMs: from traditional BOMs to SBOMs, SaaSBOMs, ML-BOMs (Machine Learning BOMs), CBOMs (Cryptography BOMs), etc.
  3. Industry standards for creating SBOMs: a look at SPDX and CycloneDX.
  4. Comparative analysis: evaluating SBOMs generated by different tools.
  5. Advancements in SBOMs: including VEX and EPSS.
  6. Existing and upcoming industry regulations.
  7. Future trends and developments.

This session will equip developers and managers with an understanding of the critical role SBOMs play in the development cycle. It will emphasize the importance of documenting third-party open source dependencies and transitive dependencies to identify security and licensing issues, both for current projects and for future scenarios where new vulnerabilities might arise.

Session Categories

FOSS

Speakers

lakshmi teja
Senior Open Source Consultant, Source Code Control

With over 7 years of experience in the FOSS (Free and Open Source Software) domain, I specialize in managing and ensuring compliance with various FOSS licenses. I have successfully collaborated with development teams to integrate FOSS components while adhering to licensing terms, and I have conducted numerous training sessions to educate teams on the significance of FOSS in the software supply chain. My role has involved developing and implementing processes to streamline FOSS usage and compliance, as well as providing ongoing support and consultation to address FOSS-related challenges and opportunities.

Reviews

This is a novel topic. I will be interested in hearing more about this as a talk.
Reviewer #1 Approved

I'd like to know more about the talk contents, not sure about the proposal
Reviewer #2 Not Sure