What's in the SOSS? An OpenSSF Podcast

Stacklok's Adolfo García Veytia Digs Into SBOMs and VEX

Jun 18, 2024

Adolfo García Veytia, a Staff Software Engineer at Stacklok, delves into the importance of SBOMs, VEX projects, and standards in the software supply chain. He shares insights on open source contributions, communication tools, and advice for aspiring professionals.

18:11

Episode guests

Adolfo García Veytia

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Software Bill of Materials (S-BOM) enhances software transparency and informed decision-making for developers and consumers.

S-BOM standards like SPDX and Seq1DX, along with tools like Protobomb, streamline efficient management of S-BOM data.

Deep dives

Importance of Software Bill of Materials (S-BOM)

Software Bill of Materials (S-BOM) is crucial for transparency in the software supply chain, providing a detailed list of the components within a software. It enables developers and consumers to make informed decisions regarding the software they use, especially when incorporating third-party components. S-BOM serves as the foundation for a transparent supply chain, akin to knowing the ingredients of a meal before consuming it.

Intro

2min

Understanding Software Bills of Materials (S-BOMs) and Standards

10min

Exploring Different States in VEX Statements for Vulnerability Assessments

2min

Discussion on Communication Tools, Personal Preferences, and Advice for Young Developers

2min

Encouragement for Engagement in ProTobahn and OpenVex Projects

2min

The world of software bill of materials (SBOMs) is both complex and fascinating. And few people know the SBOM community better than Adolfo García Veytia — aka Puerco — Staff Software Engineer at Stacklok. Puerco is also a Technical Lead with Kubernetes SIG Release specializing in supply chain improvements to the software that drives the automation behind the release process.

Puerco is one of the original authors of OpenVEX, an OpenSSF project working towards a minimal implementation of VEX that can be easily embedded and attested. He's also a contributor to the SPDX project and a maintainer of several SBOM OSS tools. He’s passionate about writing software with friends, helping new contributors and amplifying the Latinx presence in the cloud-native community.

01:04 - Puerco shares his background
02:21 - What SBOMs are and why they’re so important
06:42 - An overview of standards in the SBOM space
09:58 - Puerco details his work on VEX projects
14:05 - Puerco enters the rapid-fire portion of the interview
15:06 - Advice Puerco would offer aspiring open source or security professionals
16:12 - Puerco’s call to action for listeners

Links

Adolfo García Veytia’s LinkedIn page

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

What's in the SOSS? An OpenSSF Podcast

Stacklok's Adolfo García Veytia Digs Into SBOMs and VEX

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Importance of Software Bill of Materials (S-BOM)

Types of S-BOM and their Evolution in the Software Lifecycle

Standards and Tools in the S-BOM Space

Remember Everything You Learn from Podcasts