Understanding Software Bills of Materials (S-BOMs) and Standards

The world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Veytia — aka Puerco — Staff Software Engineer at Stacklok. Puerco is also a Technical Lead with Kubernetes SIG Release specializing in supply chain improvements to the software that drives the automation behind the release process. 

Puerco is one of the original authors of OpenVEX, an OpenSSF project working towards a minimal implementation of VEX that can be easily embedded and attested. He's also a contributor to the SPDX project and a maintainer of several SBOM OSS tools. He’s passionate about writing software with friends, helping new contributors and amplifying the Latinx presence in the cloud-native community.

• 01:04 - Puerco shares his background
• 02:21 - What SBOMs are and why they’re so important
• 06:42 - An overview of standards in the SBOM space
• 09:58 - Puerco details his work on VEX projects
• 14:05 - Puerco enters the rapid-fire portion of the interview
• 15:06 - Advice Puerco would offer aspiring open source or security professionals
• 16:12 - Puerco’s call to action for listeners

Links

• Adolfo García Veytia’s LinkedIn page