How I Learned to Stop Worrying and Love the SBOM

Video Link: https://www.youtube.com/watch?v=42epwIFI_jg
Duration: 39:30
Presented by Shelley Lambert (Red Hat, Inc.) at EclipseCon 2022.

Would you eat something where you didn't know the ingredients? Likely not. Then why are you building or running software when you have no idea what is in it? A Software Bill of Materials (SBOM) is an essential artifact that 'makes known' the dependencies and inputs of a piece of software; essentially, an SBOM tells you the ingredients of the software. Do not worry if you have never heard of an SBOM: this presentation will give you a good understanding both of what it is and of how it can be leveraged. Beyond describing the purpose and value of an SBOM and how it fits into an overall Secure Software Development Framework, this talk will reference a real example, the Eclipse Temurin SBOM, to illustrate how enterprise consumers can use it to secure their software supply chains. Consumers can stop worrying and start loving SBOMs, as they help them audit, trace and secure the software they are using, reducing fear of unknown malicious actors and letting them get on with their business. In the very near future, all software will come with a bill of materials, just as food products come with a list of ingredients.
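The abstract describes the two things an enterprise consumer does with an SBOM: read the list of ingredients (components and build inputs) and use it to audit and trace what is running. The script below is an added example, not code from the talk or from the Eclipse Temurin project. It assumes the SBOM is a CycloneDX-style JSON document (the abstract does not state the format), and the SBOM contents, the advisory feed and the "source tarball" bytes are all constructed for the demonstration: it lists the components, flags any whose version predates the first fixed version in an advisory, and checks a build input against the SHA-256 the SBOM records for it.

```python
import hashlib
import json

# Constructed input: a stand-in for a source tarball listed as an SBOM input.
ZLIB_TARBALL = b"constructed stand-in for the zlib source tarball"
ZLIB_SHA256 = hashlib.sha256(ZLIB_TARBALL).hexdigest()

# Constructed SBOM in the CycloneDX JSON shape (assumption: this is not the
# Temurin SBOM; names, versions and hashes are made up for the example).
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"name": "example-jdk", "version": "17.0.0"}},
    "components": [
        {"type": "library", "name": "zlib", "version": "1.2.11",
         "purl": "pkg:generic/zlib@1.2.11",
         "hashes": [{"alg": "SHA-256", "content": ZLIB_SHA256}]},
        {"type": "library", "name": "freetype", "version": "2.12.0",
         "purl": "pkg:generic/freetype@2.12.0"},
        {"type": "library", "name": "harfbuzz", "version": "4.0.0",
         "purl": "pkg:generic/harfbuzz@4.0.0"},
    ],
})

# Constructed advisory feed: component name and the first version that fixes it.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "name": "zlib", "fixed_in": "1.2.12"},
    {"id": "EXAMPLE-ADV-0002", "name": "freetype", "fixed_in": "2.11.0"},
]


def load_components(sbom_text):
    """Parse the SBOM and return its component entries (the 'ingredients')."""
    sbom = json.loads(sbom_text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format: %r" % sbom.get("bomFormat"))
    return sbom.get("components", [])


def parse_version(text):
    """Turn '1.2.11' into (1, 2, 11) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def find_affected(components, advisories):
    """Cross-check every component against the advisory feed.

    Returns (name, version, advisory id) for each component whose version is
    older than the first fixed version named in a matching advisory.
    """
    findings = []
    for comp in components:
        for adv in advisories:
            if comp["name"] == adv["name"] and \
                    parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
                findings.append((comp["name"], comp["version"], adv["id"]))
    return findings


def verify_input_hash(component, artifact):
    """Check a build input against the SHA-256 recorded for it in the SBOM.

    Returns True/False when a SHA-256 entry exists, and None when the SBOM
    records no hash (the artifact then cannot be traced back to the build).
    """
    for entry in component.get("hashes", []):
        if entry.get("alg") == "SHA-256":
            return hashlib.sha256(artifact).hexdigest() == entry["content"]
    return None


if __name__ == "__main__":
    comps = load_components(SBOM_JSON)
    for name, version, adv_id in find_affected(comps, ADVISORIES):
        print("affected: %s %s (%s)" % (name, version, adv_id))
    print("zlib input matches SBOM hash:", verify_input_hash(comps[0], ZLIB_TARBALL))
```

The version tuple comparison matters in practice: comparing "1.2.9" and "1.2.12" as strings gets the order wrong, which would silently hide an affected component. The `None` return from `verify_input_hash` is deliberate, since an SBOM that lists a component without a hash is a traceability gap worth reporting rather than a pass.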