Making Sense of SBOMs -- You’ve Created an SBOM...Now What?
SBOMs have been front and center in the national cybersecurity dialogue, particularly in the US, EU, and among key industries where safety and security are priorities. And while SBOMs are not new and have become a best practice those software factories within several industries, we should all expect regulations to become increasingly directive. We’ve seen this with regulatory guidance to self-attest and verify prior to shipping and deploying software. And emerging strategies forecast new levels of accountability and expanded liability for any negative consequences. So, all this raises the question- what are our SBOM obligations, what is our SBOM process, and how can we demonstrate compliance to mitigate our own risks associated with software? In this session we’ll discuss and demo an SBOM, and key factors in managing these artifacts, including: - How to generate both Source and Binary SBOMs - What critical data to look for in your SBOMs - How to automate SBOM creation? - How to manage your SBOMs- store, add, change, etc? - How do you share and communicate your SBOMs?