Linux Foundation

Strengthening Software Supply Chains - Harmonizing SLSA Provenance and SPDX SBOM for Better Adoption

Linux Foundation via YouTube

Overview

Explore how two critical software supply chain security frameworks can work together more effectively in this 40-minute panel discussion from the Linux Foundation. Learn about the synergies and differences between Software Bill of Materials (SPDX SBOM) and Supply-chain Levels for Software Artifacts (SLSA), with SPDX SBOM providing detailed inventories of software components, dependencies, and metadata, while SLSA ensures components are built through verifiable, tamper-resistant processes with clear provenance. Discover how SLSA's provenance and authentication mechanisms can enhance the trustworthiness of SBOMs, examine overlapping fields captured by both standards, and understand the importance of interoperability and shared roadmaps to reduce duplication while leveraging respective strengths. Gain insights into establishing clear separation of concerns where SLSA handles provenance and verification while SPDX SBOM captures comprehensive component metadata, reducing redundancy and promoting more efficient adoption. Understand how aligning these standards can improve software supply chain security and reliability while fostering collaboration for cohesive evolution within the open-source community, presented by experts from Google, The Linux Foundation, and Carnegie Mellon University's Software Engineering Institute.

Syllabus

Strengthening Software Supply Chains: Harmonizing SLSA Provenance and SPDX SBOM for Better Adoption

Taught by

Linux Foundation
