One Track
Lots of Flavor
Thursday, April 18 • 9:30am - 10:00am
SBoMs (software bill of materials) – the looming format skirmish

SBoMs – suddenly an item on every customer’s checklist. They all _KNOW_ they simply must have one to accompany their latest enterprise software purchase. But how many know what they are asking for? Is SBoM even a defined thing? It may be more likely that they think about SBoMs in theory than in practice. Many define SBoMs.

SBoMs are supposed to provide us information efficiently. But how is that information stored – how do we generate it, and how do end users consume it? Despite the fact that it’s 2019 – it seems the overwhelming choice remains CSV files managed by Excel. That doesn’t mean that there aren’t viable formats beyond unstructured CSV files. Indeed, there is a plethora of formats that are purpose-built for describing the third-party component composition of a software package. Indeed, we’ve had Software Bills of Materials available in human- and machine-readable formats for decades now, even if few were using them.

In this talk we’ll cover the leading SBoM formats (SWID, SPDX, and CSV) as well as glancing back at some of the tools that were used in days gone by. We’ll examine the landscape of SBoM hype and which way governments, industry, and standards orgs are headed. After all, there is nothing worse than delivering an SBoM that no one can read. We’ll also answer questions like “Is this a zero sum game?” and “
Attendees will learn about tools to generate and read SBoMs in numerous formats. We’ll also explore avoiding format lock-in. Attendees will also take away an understanding of the landscape, and the strengths and weaknesses of the formats to be able to make informed decisions on the path to SBoM happiness.


David Nalley

Open Source Guy, BlackBerry
David Nalley is a recovering sysadmin who still feels phantom vibrations from a decade-plus absent pager. David is a former member of the Apache Software Foundation’s Board of Directors and currently serves as the Vice-President of Infrastructure for the ASF. David helped build cloudy...

Thursday April 18, 2019 9:30am - 10:00am HST
Halele'a Room (Salon 2) 3610 Rice Street, Lihue, Hawaii 96766, USA