The Growing Importance of Software Bills of Materials (SBOM)

In this episode, our host Karsten Hohage talks to Max Mehl and Sebastian Wolf about Software Bills of Materials or SBOMs. An SBOM is a detailed record of all components within a software application, including open-source libraries, third-party dependencies and licenses. Max and Sebastian discuss the importance of SBOMs as well as some challenges and unanswered questions of the state of the art. They also speak with Karsten about SBOMs within SAP and Deutsche Bahn and the importance of SBOMs when it comes to open source.

Guests:

Max Mehl

Max has been committed to free and open-source software for many years. He is responsible for all aspects of open source at DB Systel. In this role, he supports Deutsche Bahn in using and contributing to open source professionally. He previously worked for the Free Software Foundation Europe (FSFE), where he coordinated initiatives such as REUSE and “Public Money? Public Code!”. He is a board member of FSFE and F-Droid and is involved in several projects as a maintainer.

• GitHub: https://github.com/mxmehl
• Mastodon: https://mastodon.social/@mxmehl
• LinkedIn: https://www.linkedin.com/in/mxmehl/
• Twitter: https://twitter.com/mxmehl  
• Blog: https://mehl.mx/blog/
• Website: https://mehl.mx/

Sebastian Wolf

Sebastian is a development architect and has worked for the SAP OSPO since the beginning of 2020. He first joined SAP in 2003 as a student and has since worked in several development positions at, for example, SAP SRM, ABAP Development Tools, the SAP Community Network, and Central Architecture. He was engaged at the Corona-Warn-App project as a community manager from the very beginning and is now coordinating open-source consumption topics in the SAP OSPO.

• Twitter: https://twitter.com/Ygriega
• GitHub: https://github.com/Wunderfitz

Show Notes:

• Slides: SBOMs – A short introduction · todogroup/ospology · Discussion #376 (github.com)
• Software Bill of Deliveries (SBOD)
  • Episode 34: Open Component Model (OCM) – Describe, Transport, Deploy
  • https://ocm.software/
• SBOM Everywhere
  • Open Source Security Foundation (OpenSSF) – SBOM Everywhere – Special Interest Group
  • SBOM Everywhere and the Security Tooling Working Group: Providing the Best Security Tools for Open Source Developers (Blog)
  • How SAP paved the road for 30k+ developers – PlatformCon 2023 (Video)
• OSS Review Toolkit – https://github.com/oss-review-toolkit/ort
• SPDX – https://spdx.dev/
• CycloneDX – https://cyclonedx.org/
• Deutsche Bahn Open Source: https://opensource.deutschebahn.com
• SAP Open Source Program Office
  • SAP Open Source at SAP Community
  • SAP Open Source Twitter (@sapopensource)
  • e-mail – ospo@sap.com   

• Additional Downloads
  • Download the transcript as PDF-file

Hosted by Karsten Hohage – Product Expert in Technology and Innovation (T&I)

LinkedIn: https://www.linkedin.com/in/karsten-hohage-0180312/

The post The Growing Importance of Software Bills of Materials (SBOM) first appeared on The Open Source Way.