One of the most neglected parts of application security is the ingredients that go into developing software. Over 80 percent of code used in enterprise applications comes from open-source dependencies, but how much attention goes towards the software bill of materials that tells you the provenance and security of those packages?

This is analogous to a restaurant where you invest in modern decor, professional chefs, and world-class service. But if you don’t get fresh, quality ingredients delivered daily, the taste and hygiene of the food will suffer and the restaurant won’t be successful. Securing the software supply chain is a huge undertaking for the entire tech industry, and we will talk about some of the ongoing efforts by open-source projects, foundations, and corporations to help us all know the SBOM of our ingredients.