Explore the evolution and best practices of Software Bill of Materials (SBOM) management systems in this insightful 55-minute conference talk by Mark Gisi from Wind River Systems. Gain valuable insights from a decade-long journey of SBOM system development, starting with the introduction of SPDX in 2011 to the third-generation release in 2023. Learn how requirements have shifted from license compliance to software export compliance, and now to security-driven approaches. Discover key lessons, dos and don'ts, and compare different SBOM solutions available in the market. Benefit from an overview of open-sourced libraries and utilities that can enhance your own SBOM initiatives, and understand how functional safety may shape future developments in this critical area of software management.
Case Study - 10+ Years of Developing an SBOM System - Dos and Don'ts
Overview
Syllabus
Case Study: 10+ Years of Developing an SBOM System and the Dos and Don’ts - Mark Gisi
Taught by
Linux Foundation
Tags
Related Courses
-
SW360 SBOM - Managing Vulnerability Information, SPDX Documents and Dependency Networks
-
SBOM Implementation Reality - The SPDX Lite Profile for First Step
-
SBOM Implementation Reality: From Crawl to Walk - SPDX Lite Profile for the First Step
-
License Compliance and Security Management for Embedded Systems
-
We Built the Kubernetes SBOM and Now You Can Write Your Own
-
Leverage Kubernetes SPDX Tools to Create Your SBOM
