Discover the importance of software bill of materials (SBOMs) and the challenges of using open source code in application development in this 34-minute Devoxx conference talk. Explore the implications of new legislation surrounding SBOMs, the risks of using unverified code, and the concept of "raw materials" in software development. Learn about best practices for creating secure, robust, and compliant applications, including the use of software composition analysis and static analysis tools. Gain insights into the types of applications that may not be suitable for open source code and understand how to navigate the complex landscape of software security and compliance. Walk away with practical strategies to ensure your applications remain secure and compliant while leveraging the benefits of open source software.
Why Building Your Ship with Raw Materials is a Bad Idea
Overview
Syllabus
Introduction
About Sonotype
About Open Source
Problems with Open Source
Software Composition Analysis
Scary Facts
Legislation
Sbombs
Security
Raw Materials
Static Analysis Tools
Check your dependencies
Useful links
Get in touch
Outro
Taught by
Devoxx
Related Courses
-
DevSecOps Fundamentals
-
Application Security for Developers and DevOps Professionals
-
Using Python to Manage Software Bill of Materials
-
Generating Software Bill of Materials - Mentorship Session
-
Manage Open Source, Security and SBOMs for Software Projects and Organizations
-
Infusing Security Into the Application Development Process
