
The 7 key ingredients of a great SBOM

Formal Metadata

Title: The 7 key ingredients of a great SBOM
Subtitle: Ensuring your SBOM includes enough data to be actionable
Number of Parts: 542
License: CC Attribution 2.0 Belgium. You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata

Abstract

SBOMs vary wildly in the data they offer to consumers, and to make them truly useful we need to consider seven important points in their contents. Let's immerse ourselves in real-world software bill of materials data to look for the required features all great SBOMs ought to have. As a record of components, SBOMs can vary wildly in how they describe software. Some SBOMs lean toward security and some toward licensing. Some do a good job in their own niche, while others do not offer enough information to even understand what it is they are talking about. In this talk, we will visit the 7 key data points (syntactic correctness, dependencies, licensing, semantic structure, software identifiers, supplier data, and software integrity info) required to make sure your SBOM is useful to the widest possible audience. We will take an inside look at real-world SBOMs using the Kubernetes bom outliner. We will inspect how they are structured and the data they offer, looking for clues on how we could improve them, with the goal of learning what a great Software Bill of Materials looks like.