Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore the evolving landscape of Software Bill of Materials (SBoMs) with a focus on build-time information in this 28-minute conference talk from the Linux Plumbers Conference. Examine how SBoMs are becoming increasingly critical for regulatory compliance and supply chain security, with a growing emphasis on incorporating build-time data to enhance vulnerability management and security analysis. Learn about the current shift toward using build-time information to filter out irrelevant vulnerabilities that don't match compiled source code or configured features. Review existing methods for providing build-time SBoM information and analyze their limitations, including their tendency to be highly specific to particular build systems or toolchains, or their lack of appropriate context. Discover opportunities for collaboration at the build system level to develop more comprehensive solutions. Participate in discussions about potential improvements to make build-time information more accessible and beneficial across multiple software ecosystems, addressing the need for accurate and holistic information about the build-time software supply chain.
