May 10-12, 2023
Vancouver, British Columbia, Canada + Virtual
Note: The schedule is subject to change.

Friday, May 12 • 11:00am - 11:40am
An SBOM Primer: From Licenses to Security, Know What’s in Your Code, or Someone Else’s! - Jeff Shapiro, The Linux Foundation & Gary O'Neall, Source Auditor

Hey, I heard about this new thing called an SBOM, and a lot of my users are asking for one! What is it and how can it help? The Software Bill Of Materials (SBOM) isn’t new, but it is more important than ever, and is often being requested (or even required) for many open source projects. It’s a great way to inventory every component that goes into making your project what it is. It allows you to catalog every source code module, binary package, library, artifact, and dependency. It’s super helpful when it’s time for license compliance and tracking security vulnerabilities! It not only helps you, but it also helps your downstream users. Including an SBOM with your project can increase adoption and usage of your code by giving users critical information they need in a standard and easy to use format.

Ok, so how do I go about creating my SBOM? We will discuss this, as well as what goes into an SBOM, how to use it, when it’s required, industry standards, and more! This presentation is sure to be a hit, don’t miss out! This session is suitable for anyone who is new to open source or curious about SBOMs, and also for those who already have some knowledge but want a deeper level of understanding.
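The abstract describes the two jobs an SBOM does for a consumer: inventory every component with its license, and give you the coordinates to check those components against vulnerability data. The example below is added here and is not code from the session, the speakers, or the SPDX project. It constructs a minimal SPDX 2.3 document in JSON form for a hypothetical application with two dependencies, parses it into a flat component list, flags the package whose license was never concluded, and matches components against a constructed advisory table keyed by version-less Package URL (purl). The package names, namespace, and advisory identifiers are placeholders, and exact-version matching stands in for the version-range logic a real feed such as OSV would require.

```python
"""Build and query a minimal SPDX 2.3 SBOM in its JSON form.

Added example, not code from the session or from the SPDX project. The SBOM
document and the advisory table are constructed for illustration; the
advisory IDs are hypothetical placeholders, not real CVE/GHSA identifiers.
"""
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed SPDX 2.3 JSON document for a hypothetical app with two
# dependencies. libbar deliberately has no concluded license: a gap an SBOM
# consumer must detect before it can do license compliance at all.
SBOM_JSON = json.dumps({
    "spdxVersion": "SPDX-2.3", "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app-sbom",
    "documentNamespace": "https://example.invalid/spdxdocs/example-app-1.0",
    "creationInfo": {"created": "2023-05-12T18:00:00Z",
                     "creators": ["Tool: example-sbom-generator"]},
    "packages": [
        {"name": "example-app", "SPDXID": "SPDXRef-Package-app", "versionInfo": "1.0.0",
         "downloadLocation": "NOASSERTION", "licenseConcluded": "Apache-2.0",
         "licenseDeclared": "Apache-2.0", "externalRefs": []},
        {"name": "libfoo", "SPDXID": "SPDXRef-Package-libfoo", "versionInfo": "2.4.1",
         "downloadLocation": "NOASSERTION", "licenseConcluded": "MIT",
         "licenseDeclared": "MIT",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/libfoo@2.4.1"}]},
        {"name": "libbar", "SPDXID": "SPDXRef-Package-libbar", "versionInfo": "0.9.0",
         "downloadLocation": "NOASSERTION", "licenseConcluded": "NOASSERTION",
         "licenseDeclared": "NOASSERTION",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                           "referenceLocator": "pkg:pypi/libbar@0.9.0"}]},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-Package-app"},
        {"spdxElementId": "SPDXRef-Package-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-libfoo"},
        {"spdxElementId": "SPDXRef-Package-app", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-Package-libbar"},
    ],
})

# Constructed advisory table: version-less purl -> {advisory id: affected versions}.
# Real feeds (OSV, GHSA, NVD) express ranges; exact matching is enough to show the join.
ADVISORIES = {
    "pkg:pypi/libbar": {"HYPOTHETICAL-2023-0001": ["0.8.0", "0.9.0"]},
    "pkg:pypi/libfoo": {"HYPOTHETICAL-2023-0002": ["2.3.0"]},
}


@dataclass(frozen=True)
class Component:
    spdx_id: str
    name: str
    version: str
    license_concluded: str
    purl: Optional[str]


def parse_spdx(text: str) -> List[Component]:
    """Parse an SPDX 2.3 JSON document into a flat component list.

    Fails closed when the document does not identify itself as SPDX 2.3 or
    does not DESCRIBE a root package: an unfamiliar or incomplete inventory
    should be rejected, not silently accepted.
    """
    doc = json.loads(text)
    if doc.get("spdxVersion") != "SPDX-2.3" or doc.get("SPDXID") != "SPDXRef-DOCUMENT":
        raise ValueError("not an SPDX 2.3 JSON document")
    roots = {r["relatedSpdxElement"] for r in doc.get("relationships", [])
             if r.get("spdxElementId") == "SPDXRef-DOCUMENT"
             and r.get("relationshipType") == "DESCRIBES"}
    if not roots:
        raise ValueError("document DESCRIBES no package")
    components = []
    for pkg in doc.get("packages", []):
        purl = next((ref["referenceLocator"] for ref in pkg.get("externalRefs", [])
                     if ref.get("referenceType") == "purl"), None)
        components.append(Component(
            spdx_id=pkg["SPDXID"], name=pkg["name"],
            version=pkg.get("versionInfo", ""),
            license_concluded=pkg.get("licenseConcluded", "NOASSERTION"), purl=purl))
    return components


def components_missing_license(components: List[Component]) -> List[str]:
    """Names of components whose concluded license is absent or NOASSERTION."""
    return [c.name for c in components if c.license_concluded in ("NOASSERTION", "")]


def strip_purl_version(purl: str) -> str:
    """pkg:type/ns/name@version?qualifiers#subpath -> pkg:type/ns/name."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    return base.rsplit("@", 1)[0]


def match_advisories(components: List[Component],
                     advisories: Dict[str, Dict[str, List[str]]]) -> Dict[str, List[str]]:
    """Map component name -> advisory IDs whose affected versions include it.

    Components without a purl are skipped here; in practice they should be
    reported, since an SBOM entry you cannot look up is a blind spot.
    """
    hits: Dict[str, List[str]] = {}
    for c in components:
        if c.purl is None:
            continue
        for adv_id, affected in advisories.get(strip_purl_version(c.purl), {}).items():
            if c.version in affected:
                hits.setdefault(c.name, []).append(adv_id)
    return hits


if __name__ == "__main__":
    comps = parse_spdx(SBOM_JSON)
    print("components:", [(c.name, c.version, c.license_concluded) for c in comps])
    print("missing license:", components_missing_license(comps))
    print("advisory hits:", match_advisories(comps, ADVISORIES))
```

The two checks are deliberately separate: a license gap is a compliance finding that needs a human to conclude a license, while an advisory hit is a security finding that needs a version bump, and downstream consumers of your SBOM will run exactly these two joins against their own policy and their own feed.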

Speakers
Gary O'Neall

CEO, Source Auditor
Gary O’Neall is a contributor to the Software Package Data Exchange® (SPDX™), a standard format for communicating the components, licenses and copyrights associated with a software package. He has contributed several open source tools which can be found at http://spdx.org/s...
Jeff Shapiro

Director of License Scanning, The Linux Foundation
Jeff Shapiro is the license scanning manager for The Linux Foundation. He has 30 years of experience in the software industry, including 10 years in software auditing, open source scanning, and training developers in OSS license compliance.

Friday May 12, 2023 11:00am - 11:40am PDT
Room 121 (Level 1)
Track: SupplyChainSecurityCon
Audience Level: Any
Session Slides Attached: Yes