Your SBOM Is Lying To You - Let's Make It Honest
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Discover why Software Bills of Materials (SBOMs) often contain inaccuracies, and learn how to produce more reliable, cryptographically verifiable SBOMs in this conference talk from New York University researchers. Explore the role SBOMs play in improving visibility and security across the software supply chain, particularly as open-source code makes up an ever larger share of modern software. Examine real-world incidents such as SolarWinds (2020) and Kaseya (2021) that demonstrate the urgent need for stronger software supply chain security. Understand the common causes of SBOM inaccuracies, including the limits of generating an SBOM from dependency manifest files (such as Cargo.toml for Rust projects), which declare version requirements rather than the exact packages that actually went into a build, and how these inaccuracies leave blind spots that attackers can exploit. Learn about SBOMit, an OpenSSF sandbox project that uses in-toto attestations to address these accuracy issues by recording each supply chain step as it happens. Gain insight into how SBOMit's cryptographically verifiable approach improves SBOM accuracy, mitigates tampering, and strengthens security across the CNCF ecosystem, offering practical guidance for organizations seeking to improve their software supply chain transparency and security posture.
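The following is an added example (not code from the talk, from SBOMit, or from in-toto) illustrating the two points above: an SBOM generated from a manifest alone misses transitive dependencies and reports version requirements instead of resolved versions, while a signed record of the build step, captured as it happens, lets a verifier check an SBOM against what was really built. The Cargo.toml and Cargo.lock contents, the artifact bytes and the key are constructed for the example; the record's field names only loosely follow in-toto link metadata, and HMAC stands in for in-toto's asymmetric signatures so the example runs with the standard library only.

```python
"""Manifest-derived SBOM vs. an attested build record (added example, standard library only)."""
import hashlib
import hmac
import json
import re

# Constructed sample inputs: a Rust manifest and the lockfile the build actually resolved.
CARGO_TOML = """\
[package]
name = "demo"
version = "0.1.0"

[dependencies]
serde = "1"
"""

CARGO_LOCK = """\
[[package]]
name = "demo"
version = "0.1.0"

[[package]]
name = "proc-macro2"
version = "1.0.79"

[[package]]
name = "serde"
version = "1.0.197"

[[package]]
name = "serde_derive"
version = "1.0.197"
"""


def sbom_from_manifest(manifest: str) -> dict:
    """Naive SBOM from Cargo.toml alone: direct deps only, and version *requirements*, not versions."""
    deps, in_deps = {}, False
    for line in manifest.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_deps = line == "[dependencies]"
            continue
        m = re.match(r'^([\w-]+)\s*=\s*"([^"]+)"$', line)
        if in_deps and m:
            deps[m.group(1)] = m.group(2)
    return deps


def packages_from_lock(lock: str) -> dict:
    """Resolved package set (name -> exact version) from Cargo.lock, root crate included."""
    pkgs = {}
    for block in lock.split("[[package]]")[1:]:
        name = re.search(r'name\s*=\s*"([^"]+)"', block).group(1)
        version = re.search(r'version\s*=\s*"([^"]+)"', block).group(1)
        pkgs[name] = version
    return pkgs


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def record_build_step(materials: dict, products: dict, resolved: dict, key: bytes) -> dict:
    """Record the build step as it happens: hashes of inputs and outputs plus the resolved
    dependency set, then sign the record. HMAC is a stand-in for a real signature."""
    link = {
        "_type": "link",
        "name": "build",
        "materials": {p: {"sha256": sha256(b)} for p, b in materials.items()},
        "products": {p: {"sha256": sha256(b)} for p, b in products.items()},
        "environment": {"resolved_packages": resolved},
    }
    payload = json.dumps(link, sort_keys=True).encode()
    return {"signed": link, "signature": hmac.new(key, payload, "sha256").hexdigest()}


def verify_sbom(sbom_components: dict, attestation: dict, artifact: bytes, key: bytes) -> list:
    """Return discrepancies between an SBOM and the attested build; empty list means it matches."""
    payload = json.dumps(attestation["signed"], sort_keys=True).encode()
    expected = hmac.new(key, payload, "sha256").hexdigest()
    if not hmac.compare_digest(expected, attestation["signature"]):
        return ["attestation signature invalid"]  # tampered record: nothing else is trustworthy
    link = attestation["signed"]
    problems = []
    if sha256(artifact) not in {p["sha256"] for p in link["products"].values()}:
        problems.append("artifact hash not among attested build products")
    attested = link["environment"]["resolved_packages"]
    for name, ver in attested.items():
        if name not in sbom_components:
            problems.append(f"missing from SBOM: {name} {ver}")
        elif sbom_components[name] != ver:
            problems.append(f"version mismatch for {name}: SBOM says {sbom_components[name]!r}, build used {ver}")
    for name in sbom_components.keys() - attested.keys():
        problems.append(f"in SBOM but not in build: {name}")
    return problems


def demo() -> tuple:
    """Check a manifest-only SBOM and a lockfile-derived SBOM against the same build record."""
    key = b"example-signing-key"          # constructed; real deployments use per-step keypairs
    artifact = b"\x7fELF demo binary bytes"  # constructed build output
    resolved = {n: v for n, v in packages_from_lock(CARGO_LOCK).items() if n != "demo"}
    attestation = record_build_step({"Cargo.lock": CARGO_LOCK.encode()},
                                    {"target/release/demo": artifact}, resolved, key)
    naive = verify_sbom(sbom_from_manifest(CARGO_TOML), attestation, artifact, key)
    honest = verify_sbom(dict(resolved), attestation, artifact, key)
    return naive, honest


if __name__ == "__main__":
    for label, problems in zip(("manifest-only SBOM", "lockfile-based SBOM"), demo()):
        print(label, "->", problems or "OK")
```

Running it reports three discrepancies for the manifest-derived SBOM (two transitive crates absent, and a version requirement where the build used an exact version) and none for the SBOM built from what the build step actually resolved; editing any field of the signed record after the fact invalidates its signature, which is the tampering protection the talk attributes to attestation-based SBOMs.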
Syllabus
Your SBOM Is Lying To You – Let’s Make It Honest - Justin Cappos & Yuchen Zhang, New York University
Taught by
CNCF [Cloud Native Computing Foundation]