Myths and Realities of Software Bill of Materials | DevOps Connect: DevSecOps 2023

July 5, 2023

The topic of software bills of materials (SBOMs) has come to the forefront when discussing how to exchange information about components that make up the software that we produce and use on a daily basis. With Executive Order 14028 signed in 2021, companies that wish to provide software or services to the federal government must provide information on the security of their offerings. This includes providing an SBOM, which describes the composition of the software they will be procuring. Although the concept is straightforward, there are many questions about how to handle these software inventories in day-to-day operations. This session will review where the industry stands regarding SBOMs, the formats and specifications that define an SBOM and the unanswered questions that exist about how to handle these massive inventory files. You’ll learn how to handle SBOMs as a producer and a consumer based on real-world experience as well as how to address the question, “What do we do with these things?”
