Linux Foundation

SBOM Quality - We Need More Than a Simple "SBOM Button" for Compliance

Linux Foundation via YouTube

Overview

This 34-minute conference talk from the Linux Foundation explores why Software Bill of Materials (SBOM) quality and compliance require more than basic generation tools. Cybersecurity regulations introduced by governments in India, the US, the EU, and other regions expect software maintainers, contributors, and developers to understand their dependencies and the risks attached to them: vulnerabilities, licensing issues, unmaintained software, and components of unknown origin. The talk explains why simply having an "SBOM button" does not meet that bar, and walks through the challenges that make accurate compliance difficult: false positives, undeclared reuse of files and code snippets, assessing whether a vulnerability is actually reachable, the complexities of binary scanning, new manifest and exchange formats, and vulnerability disclosure processes. It also covers best practices for safely reusing open source software, open source tools that can automate software supply chain management, and approaches for resolving common compliance pipeline problems, so that SBOM generation delivers genuine security and licensing compliance rather than a superficial checkmark.

Syllabus

SBOM Quality: We Need More Than a Simple “SBOM Button” for Compliance - Ayan Sinha Mahapatra, NexB

Taught by

Linux Foundation
