The Growing Importance of Software Bills of Materials (SBOMs)

This chapter explores the growing significance of SBOMs due to legal requirements, security reasons, and auditability. It discusses initiatives, such as the open source security foundation's 'S-Bomb Everywhere' project, and highlights the need for community engagement and agreement on a minimal set of SBOM specifications.

Transcript

chevron_right

Play full episode

chevron_right

Transcript

Episode notes

In this episode, our host Karsten Hohage talks to Max Mehl and Sebastian Wolf about Software Bills of Materials or SBOMs. An SBOM is a detailed record of all components within a software application, including open-source libraries, third-party dependencies and licenses. Max and Sebastian discuss the importance of SBOMs as well as some challenges and unanswered questions of the state of the art. They also speak with Karsten about SBOMs within SAP and Deutsche Bahn and the importance of SBOMs when it comes to open source.

Guests:

Max Mehl

Max has been committed to free and open-source software for many years. He is responsible for all aspects of open source at DB Systel. In this role, he supports Deutsche Bahn in using and contributing to open source professionally. He previously worked for the Free Software Foundation Europe (FSFE), where he coordinated initiatives such as REUSE and “Public Money? Public Code!”. He is a board member of FSFE and F-Droid and is involved in several projects as a maintainer.

GitHub: https://github.com/mxmehl
Mastodon: https://mastodon.social/@mxmehl
LinkedIn: https://www.linkedin.com/in/mxmehl/
Twitter: https://twitter.com/mxmehl
Blog: https://mehl.mx/blog/
Website: https://mehl.mx/

Sebastian Wolf

Sebastian is a development architect and has worked for the SAP OSPO since the beginning of 2020. He first joined SAP in 2003 as a student and has since worked in several development positions at, for example, SAP SRM, ABAP Development Tools, the SAP Community Network, and Central Architecture. He was engaged at the Corona-Warn-App project as a community manager from the very beginning and is now coordinating open-source consumption topics in the SAP OSPO.

Twitter: https://twitter.com/Ygriega
GitHub: https://github.com/Wunderfitz

Show Notes:

Slides: SBOMs – A short introduction · todogroup/ospology · Discussion #376 (github.com)
Software Bill of Deliveries (SBOD)
- Episode 34: Open Component Model (OCM) – Describe, Transport, Deploy
- https://ocm.software/
SBOM Everywhere
OSS Review Toolkit – https://github.com/oss-review-toolkit/ort
SPDX – https://spdx.dev/
CycloneDX – https://cyclonedx.org/
Deutsche Bahn Open Source: https://opensource.deutschebahn.com
SAP Open Source Program Office
- SAP Open Source at SAP Community
- SAP Open Source Twitter (@sapopensource)
- e-mail – ospo@sap.com

Additional Downloads
- Download the transcript as PDF-file

Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)

This image has an empty alt attribute; its file name is Karsten-Hohage.jpeg

LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

The post The Growing Importance of Software Bills of Materials (SBOM) first appeared on The Open Source Way.

The AI-powered Podcast Player

Save insights by tapping your headphones, chat with episodes, discover the best highlights - and more!

Get the app

Home Top podcasts Popular guests