Session Name: How I Learned To Stop Worrying and Love the SBOM
Would you eat something when you didn't know the ingredients? Probably not. So why build or run software when you have no idea what is in it? A Software Bill of Materials (SBOM) is an essential artifact that 'makes known' the dependencies and inputs of a piece of software; in short, an SBOM tells you the ingredients of the software. Do not worry if you have never heard of an SBOM: this presentation will give you a good understanding of what it is and of how it can be leveraged. Beyond describing the purpose and value of an SBOM and how it fits into an overall Secure Software Development Framework, this talk will reference a real example, the Eclipse Temurin SBOM, to illustrate how enterprise consumers can use it to secure their software supply chains. Consumers can stop worrying and start loving SBOMs, because they help them audit, trace and secure the software they are using, reducing fear of unknown malicious actors and letting them get on with their business. In the very near future, all software will come with a bill of materials, just as food products come with a list of ingredients.
Shelley is a software engineer at Red Hat. She is a PMC member at Eclipse Adoptium and serves as project lead and committer on several Eclipse projects. She is deeply committed to creating environments where everyone has opportunities to learn and grow. A great deal of her time is spent ensuring the projects she is responsible for are flourishing, which includes actively engaging new and first-time open source contributors.