
Navigating the SBOM landscape: Formats, relevance, and tooling in 2024 @ BSides Bristol '24

Viktor Petersson

August 30, 2024

Transcript

  1. Navigating the SBOM landscape: Formats, relevance, and tooling in 2024. Viktor Petersson, vpetersson.com
  2. (Diagram: SBOM hierarchy) Product SBOM: Smart Thermostat. Project SBOM(s): Backend, IoT Device. Component SBOM(s): Python SBOM, Node SBOM, Docker SBOM, Rust SBOM.
  3. Handling SBOMs today feels like managing source code in the 90s, with patches sent over email.
  4. (Diagram: SBOM exchange through a hub) Vendor 1, Vendor 2, Vendor 3 publish their SBOM(s) to sbomify; Buyer 1, Buyer 2, Buyer 3 retrieve them for Compliance Audit, Security Audit, License Audit.
  5. (Diagram: SBOM hierarchy, repeated) Product SBOM: Smart Thermostat. Project SBOM(s): Backend, IoT Device. Component SBOM(s): Python SBOM, Node SBOM, Docker SBOM, Rust SBOM.
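The Product / Project / Component hierarchy in slides 2 and 5 is a tree of separately generated documents, so the practical question is how the tiers point at each other and how a consumer walks the tree. The example below is added here and is not code from the talk or from sbomify. It assumes CycloneDX 1.5 JSON as the format and the CycloneDX BOM-Link (`urn:cdx:<uuid>/<version>`, carried in an externalReference of type `bom`) as the linking mechanism; the slides name no particular format. The grouping (Backend aggregates the Python, Node and Docker SBOMs; IoT Device aggregates the Rust SBOM) is read off the diagram, and the package lists are constructed stand-ins for generator output. The walker reports a link it cannot resolve instead of silently dropping that subtree, which is the failure mode a buyer doing a security audit cares about.

```python
"""Product -> Project -> Component SBOM hierarchy as linked CycloneDX 1.5 documents.

Added example for the hierarchy in slides 2 and 5; not code from the talk or
from sbomify. The documents are constructed by hand to stand in for generator
output, and the grouping (Backend = Python + Node + Docker SBOMs, IoT Device =
Rust SBOM) is an assumption read off the diagram.
"""
import json
import uuid
from typing import Dict, List, Tuple

SPEC_VERSION = "1.5"


def new_bom(name: str, version: str, ctype: str, components: List[dict]) -> dict:
    """Minimal CycloneDX document whose subject is `name` with direct `components`."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": SPEC_VERSION,
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {"component": {"type": ctype, "name": name,
                                   "version": version, "bom-ref": name}},
        "components": components,
        "externalReferences": [],
    }


def bom_link(bom: dict) -> str:
    """BOM-Link for a whole document (CycloneDX 1.4+): urn:cdx:<uuid>/<version>."""
    serial = bom["serialNumber"].rsplit(":", 1)[-1]   # strip the urn:uuid: prefix
    return f"urn:cdx:{serial}/{bom['version']}"


def link_child(parent: dict, child: dict) -> None:
    """Make `parent` aggregate `child` via an externalReference of type 'bom'."""
    parent["externalReferences"].append({
        "type": "bom",
        "url": bom_link(child),
        "comment": f"SBOM for {child['metadata']['component']['name']}",
    })


def flatten(root: dict, registry: Dict[str, dict]) -> Tuple[List[str], List[str]]:
    """Walk the BOM-Link tree from `root`; return (sorted purls, unresolved links).

    `registry` maps BOM-Link -> document, i.e. what an SBOM hub would hold.
    A dangling link is reported rather than dropped: a component SBOM that
    cannot be resolved is an unknown part of the product, not an empty one.
    """
    seen, purls, missing, stack = set(), [], [], [root]
    while stack:
        bom = stack.pop()
        link = bom_link(bom)
        if link in seen:          # guard against cycles between documents
            continue
        seen.add(link)
        purls.extend(c["purl"] for c in bom.get("components", []) if "purl" in c)
        for ref in bom.get("externalReferences", []):
            if ref.get("type") != "bom":
                continue
            child = registry.get(ref["url"])
            if child is None:
                missing.append(ref["url"])
            else:
                stack.append(child)
    return sorted(purls), missing


def build_thermostat_hierarchy() -> Tuple[dict, Dict[str, dict]]:
    """Constructed Smart Thermostat tree: product -> projects -> component SBOMs."""
    def comp(name: str, purl: str, ctype: str = "library") -> dict:
        return {"type": ctype, "name": name, "purl": purl, "bom-ref": purl}

    # Component SBOMs, one per ecosystem, as a generator would emit them (constructed)
    py = new_bom("backend-python", "1.0", "application",
                 [comp("requests", "pkg:pypi/requests@2.32.3")])
    node = new_bom("backend-node", "1.0", "application",
                   [comp("express", "pkg:npm/express@4.19.2")])
    docker = new_bom("backend-image", "1.0", "container",
                     [comp("python", "pkg:docker/python@3.12-slim", "container")])
    rust = new_bom("device-firmware", "1.0", "firmware",
                   [comp("serde", "pkg:cargo/serde@1.0.210")])
    # Project SBOMs and the Product SBOM carry only links, no packages of their own
    backend = new_bom("backend", "1.0", "application", [])
    device = new_bom("iot-device", "1.0", "device", [])
    product = new_bom("smart-thermostat", "2024.8", "application", [])
    for parent, children in ((backend, (py, node, docker)),
                             (device, (rust,)),
                             (product, (backend, device))):
        for child in children:
            link_child(parent, child)
    registry = {bom_link(b): b for b in (py, node, docker, rust, backend, device, product)}
    return product, registry


if __name__ == "__main__":
    product, registry = build_thermostat_hierarchy()
    print(json.dumps(product, indent=2))
    purls, missing = flatten(product, registry)
    print("packages:", purls, "unresolved:", missing)
```

Because every tier is its own document with its own serial number and version, a vendor can regenerate the Python SBOM after a dependency bump and republish only that leaf; the project and product documents keep pointing at the new BOM-Link without being rebuilt by hand, which is the difference between the hub model in slide 4 and the "patches over email" situation in slide 3.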
  6. More reading
     • NTIA Minimum Elements
     • Framing Software Component Transparency: Establishing a Common Software Bill of Materials (SBOM) (2nd edition); 3rd edition is released shortly
     • SBOM Resources
     • CISA Working Group: SBOM Generation
     • Shameless self plug: sbomify
     • Slides will be available on vpetersson.com/about. Scan for deep dive!