Brussels / 3 & 4 February 2024

Software Bill of Materials devroom


Read the Call for Papers at https://hackmd.io/@spdx/fosdem2024-cfp.

Sunday

| Event | Speakers | Start | End |
|---|---|---|---|
| Welcome to the SBOM devroom | Alexios Zavras (zvr), Adolfo García Veytia, Kate Stewart | 09:00 | 09:05 |
| SPDX 3.0 - a migration journey | Gary O'Neall | 09:05 | 09:30 |
| Overview of SPDX tooling and how SPDX3 gets adopted | Maximilian Huber | 09:30 | 09:45 |
| FOSS for FOSS: DejaCode is your new FOSS control center for SBOMs | Philippe Ombredanne | 09:45 | 10:00 |
| Panel discussion: Software Naming | Alexios Zavras (zvr), Philippe Ombredanne, Aeva Black, Kate Stewart | 10:00 | 10:30 |
| SBOM: What's next? | Vasu Chandrasekhara | 10:30 | 10:45 |
| Protobom: The Universal I/O Layer of SBOM | Adolfo García Veytia | 10:45 | 11:00 |
| Know Your Ingredients: Security Starts With the SBOM | Stephen Chin | 11:00 | 11:30 |
| Make your software products trustable | Marco Rizzi, Dejan Bosanac, Phil Cattanach | 11:30 | 11:45 |
| Can SBOMs become first-class citizens in Open Source ecosystems? | Salve J. Nilsen | 11:45 | 12:00 |
| SPDX in the Yocto Project | Joshua Watt | 12:00 | 12:15 |
| How to make SPDX industry standard for AI/ML | Cheuk Ting Ho | 12:15 | 12:30 |
| Application of the SPDX Safety Profile in the Safety Scope of the Zephyr Project | Nicole Pappler, Stanislav Pankevich | 12:30 | 13:00 |
| SBOMs that you can trust - the good, the bad, and the ugly | Daniel Liszka, Miguel Martinez Trivino | 13:00 | 13:30 |
| 12 months of SBOMs - an experience report | Anthony Harrison | 13:30 | 14:00 |
| Phantom dependencies in Python (and what to do about them) | Georgios Gousios | 14:00 | 14:30 |
| Open Source based Software Composition Analysis at scale | Marcel Kurzmann | 14:30 | 15:00 |
| Getting lulled into a false sense of security by SBOM and VEX | Henrik Plate | 15:00 | 15:30 |
| Panel discussion: Best practices managing SBOMs in the supply chain | Alexios Zavras (zvr), Adolfo García Veytia, Jeff Mendoza, Arun Azhakesan | 15:30 | 16:00 |
| Sharing and reusing SBOMs with the OSSelot curation database | Caren Kresse | 16:00 | 16:30 |
| The Case For Inventoring Corresponding Source in SBOMs | Bradley M. Kuhn | 16:30 | 17:00 |