AI, Data Science & Cloud Certificates from Google, IBM & Meta
Build with Azure OpenAI, Copilot Studio & Agentic Frameworks — Microsoft Certified
Overview
Build a Learning Habit
Download Class Central's free printable study calendar
Download for Free
Explore the complexities of Software Bill of Materials (SBOM) quality and compliance beyond basic generation tools in this 34-minute conference talk from the Linux Foundation. Learn why simply having an "SBOM button" is insufficient for meeting cybersecurity regulations introduced by governments in India, the US, EU, and other regions that require software maintainers, contributors, and developers to understand their dependencies and associated risks including vulnerabilities, licensing issues, unmaintained software, and unknown origins. Discover the challenges that make accurate compliance difficult, including false positives, undeclared file and code snippet reuse, vulnerability reachability assessment, binary scanning complexities, new manifest and exchange formats, and vulnerability disclosure processes. Gain insights into best practices for safe open source software reuse and learn about open source tools that can automate software supply chain management effectively. Understand how to resolve common compliance pipeline challenges and implement quality-focused approaches to SBOM generation that go beyond superficial checkmarks to achieve genuine security and licensing compliance.
Syllabus
SBOM Quality: We Need More Than a Simple “SBOM Button” for Compliance - Ayan Sinha Mahapatra, NexB
Taught by
Linux Foundation