Going Beyond SBOM Generation - Ensuring Quality, Compliance, and Real Security Readiness

OpenSSF via YouTube

Overview

Explore advanced SBOM (Software Bill of Materials) management in this 20-minute conference talk that addresses critical challenges beyond basic SBOM generation. Learn why the Log4Shell vulnerability highlighted the urgent need for comprehensive software component visibility and discover how low-quality, incomplete, or inaccurate SBOMs can pose significant security risks and compliance violations under regulations like the Cyber Resilience Act (CRA). Master techniques for assessing SBOM quality, enriching them with missing or corrected data, and ensuring compliance with standards including NTIA, BSI, CRA, and OCT. Gain hands-on experience with open source tools such as sbomqs for quality assessment, sbomasm for SBOM assembly and enrichment, parlay for dependency analysis, sbommv for SBOM validation, and Dependency-Track for comprehensive SBOM management. Transform raw SBOMs into actionable, deployment-ready documents suitable for SBOM management platforms, consumer sharing, and government reporting requirements.

Syllabus

Going Beyond SBOM Generation: Ensuring Quality, Compliance, and Real Security Re... Vivek Kumar Sahu

Taught by

OpenSSF
