The Software Bill of Materials (SBOM) is a key artefact to support processes in securing software – for risk management, license compliance and vulnerability handling. But it is much more than a single file, it’s a set of data that will need management, enrichment and updates.
This class is an introduction to the software bill of materials, the standards, requirements from legislations and how it fits in the software development tool chain.
Target audience: Introduction level
- Product management
- Development and engineering teams
- Security, compliance and risk professionals
Workshop Objectives
- Understand the role of SBOM in the software engineering lifecycle
- Understand the data required in SBOMs, learn how to evaluate SBOM data
- Get a practical insight into best practises in creating and managing SBOMs
- Understand the role of SBOMs in automatic vulnerability management
Workshop topics include
- Software Supply Chain basics
- Introduction to the Software Bill of Materials
- SBOM standards and formats
- Different types of SBOMs
- SBOM Quality and minimum data requirements
- SBOMs in the Open Source ecosystem
- SBOM generation – automation
- SBOM management platforms
- SBOM use cases, including vulnerability management
- Summary: SBOMs today and the future
Workshop format
- A three hour session
- On site in Europe, virtual sessions available elsewhere
- Cost depending on number of participants and location
- The separate workshop “SBOM in practise” is a recommended addition
Additional information
- Teachers: Anthony Harrison and/or Olle E. Johansson