Managing Risk and Communication with SBOMs | 2min snip from The Open Source Way

Get the app

The Growing Importance of Software Bills of Materials (SBOM)

The Open Source Way

chevron_right

notes

CHAPTER

Managing Risk and Communication with SBOMs

This chapter explores the use of SPDX or Sykes on DX for managing risk and improving communication. It emphasizes the importance of focusing on minimum requirements and accurate information from suppliers, especially for larger organizations.

00:00

Transcript

chevron_right

Play full episode

chevron_right

Transcript

Episode notes

In this episode, our host Karsten Hohage talks to Max Mehl and Sebastian Wolf about Software Bills of Materials or SBOMs. An SBOM is a detailed record of all components within a software application, including open-source libraries, third-party dependencies and licenses. Max and Sebastian discuss the importance of SBOMs as well as some challenges and unanswered questions of the state of the art. They also speak with Karsten about SBOMs within SAP and Deutsche Bahn and the importance of SBOMs when it comes to open source.

Guests:

Max Mehl

Max has been committed to free and open-source software for many years. He is responsible for all aspects of open source at DB Systel. In this role, he supports Deutsche Bahn in using and contributing to open source professionally. He previously worked for the Free Software Foundation Europe (FSFE), where he coordinated initiatives such as REUSE and “Public Money? Public Code!”. He is a board member of FSFE and F-Droid and is involved in several projects as a maintainer.

GitHub: https://github.com/mxmehl
Mastodon: https://mastodon.social/@mxmehl
LinkedIn: https://www.linkedin.com/in/mxmehl/
Twitter: https://twitter.com/mxmehl
Blog: https://mehl.mx/blog/
Website: https://mehl.mx/

Sebastian Wolf

Sebastian is a development architect and has worked for the SAP OSPO since the beginning of 2020. He first joined SAP in 2003 as a student and has since worked in several development positions at, for example, SAP SRM, ABAP Development Tools, the SAP Community Network, and Central Architecture. He was engaged at the Corona-Warn-App project as a community manager from the very beginning and is now coordinating open-source consumption topics in the SAP OSPO.

Twitter: https://twitter.com/Ygriega
GitHub: https://github.com/Wunderfitz

Show Notes:

Slides: SBOMs – A short introduction · todogroup/ospology · Discussion #376 (github.com)
Software Bill of Deliveries (SBOD)
- Episode 34: Open Component Model (OCM) – Describe, Transport, Deploy
- https://ocm.software/
SBOM Everywhere
OSS Review Toolkit – https://github.com/oss-review-toolkit/ort
SPDX – https://spdx.dev/
CycloneDX – https://cyclonedx.org/
Deutsche Bahn Open Source: https://opensource.deutschebahn.com
SAP Open Source Program Office
- SAP Open Source at SAP Community
- SAP Open Source Twitter (@sapopensource)
- e-mail – ospo@sap.com

Additional Downloads
- Download the transcript as PDF-file

Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)

This image has an empty alt attribute; its file name is Karsten-Hohage.jpeg

LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

The post The Growing Importance of Software Bills of Materials (SBOM) first appeared on The Open Source Way.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Home Top podcasts Popular guests