Overview
Explore the critical security weaknesses in Software Bills of Materials (SBOMs) and discover how to produce more accurate, trustworthy records of software dependencies in this 41-minute conference talk from the Linux Foundation. Learn why current SBOMs frequently contain inaccuracies that create security blind spots, understand how attackers exploit these gaps, and examine the challenges of analyzing dependency-management files across programming languages, using Rust's Cargo.toml as an example. Discover SBOMit, an OpenSSF sandbox project that uses in-toto attestations to generate cryptographically verifiable SBOMs by recording supply chain steps as they happen, which improves accuracy and prevents tampering after the fact. Gain insights into how this approach strengthens software supply chain security in response to major attacks such as SolarWinds and Kaseya, and understand SBOMit's potential to improve SBOM reliability across the CNCF ecosystem.
Syllabus
Your SBOM Is Lying To You – Let’s Make It Honest - Justin Cappos & John Kjell
Taught by
Linux Foundation