Attending this event?
September 27-30, 2021
Seattle, Washington, USA + Virtual
View More Details & Registration

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit + Embedded Linux Conference + OSPOCon 2021 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Pacific Daylight Time (UTC -7). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.

IMPORTANT NOTE: Timing of sessions and room locations are subject to change through Friday, August 27 due to schedule changes that will be made as speakers finalize whether speaking in person or virtually. 

Back To Schedule
Wednesday, September 29 • 11:30am - 12:20pm
Open Source Tooling for Software Bill of Materials - Gareth Rushgrove, Snyk

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

A software bill of materials, or SBOM, is a list of components that make up a given application. Think of it like a list of ingredients on food packaging. Understanding what the software you're running consists of is useful for lots of use cases, from license compliance to software supply chain threats. Although not a new idea we’re at the point where SBOMs are about to go mainstream. The recent executive order from the US President, work on SPDX 3.0, CycloneDX moving to OWASP and open collaboration under the NTIA SBOM working group to name a few. But where do we stand with regards to open source tooling to produce and consume SBOMs? In this talk we will: * Quickly introduce SBOMs, with a focus on open source developers * Look at the specifications and schemas for open standards like SPDX * Talk about opportunities with other open specifications, including the new Artifact Reference Types in OCI * Survey existing open source tools for working with SBOMs * Discuss what’s missing, including mature open source libraries, and what the community can do about it The audience should come away with: * Up-to-date knowledge about recent work on SBOMs * Some open source tools to start working with SBOMs today * Lots of ideas for new projects or initiatives to get involved with

avatar for Gareth Rushgrove

Gareth Rushgrove

VP Product, Snyk
Gareth Rushgrove is VP of Product at Snyk, working remotely from Cambridge, UK, helping to build interesting tools for people to better secure their applications. He has previously worked for the UK Government Digital Service focused on infrastructure, operations and information security... Read More →

Wednesday September 29, 2021 11:30am - 12:20pm PDT
MeetingPlay Platform + Virtual Learning Lab
Feedback form isn't open yet.