Explore the critical intersection of supply chain security, Software Bills of Materials (SBOMs), and the evolving role of Open Source Program Offices (OSPOs) in this 34-minute conference talk by Jeffrey Borek from IBM. Delve into cybersecurity and regulatory compliance challenges, examining the complex interplay between these domains and the evolution of enterprise software supply chains. Learn about the importance of source and build integrity, the relaunch of the Open Source Security Foundation, and its working groups. Discover the minimum requirements for SBOMs and gain insights into the Open Source Software Security Mobilization Plan. Understand how OSPOs can contribute significantly to addressing future security challenges in the open-source ecosystem.
Supply Chain Security, SBOMs and OSPOs: An Ecosystem and Compliance Update
Overview
Syllabus
Intro
Cybersecurity and Regulatory Compliance
Complex Interplay: Cybersecurity & Regulatory Compliance
Evolution of Enterprise Software Supply Chain
Source Integrity and Build Integrity Are Critical
Last Fall LF Relaunched Open Source Security Foundation
Open Source Security Foundation Working Groups
What Are SBOM Minimum Requirements?
Open Source Software Security Mobilization Plan
How OSPOs Can Play an Important Role Going Forward
Taught by
Linux Foundation
Tags
Related Courses
-
Policy Compliance with Sigstore - From Signing Software to Validating the Whole Software Supply Chain
-
Scaling Software Supply Chain Source Security in Large Enterprises
-
The Current State of Open Source Security Compliance Tooling Is Well, Sad
-
Supercharge Your Software Supply Chain Security Strategy with Multi-SBOM Integration
-
Supply Chain Security in the Enterprise
-
Software Bill of Materials (SBoM) and Supply Chain with the Yocto Project - Generating and Using SBoMs
