Brussels / 3 & 4 February 2024

schedule

Software Bill of Materials devroom

Room: K.4.401
Calendar: iCal, xCal


09 10 11 12 13 14 15 16 17 18
Sunday Welcome to the SBOM devroom
 SPDX 3.0 - a migration journey
 Overview of SPDX tooling and how SPDX3 gets adopted
 FOSS for FOSS: DejaCode is your new FOSS control center for SBOMs
 Panel discussion: Software Naming
 SBOM: What's next?
 Protobom: The Universal I/O Layer of SBOM
 Know Your Ingredients: Security Starts With the SBOM
 Make your software products trustable
 Can SBOMs become first-class citizens in Open Source ecosystems?
 SPDX in the Yocto Project
 How to make SPDX industry standard for AI/ML
 Application of the SPDX Safety Profile in the Safety Scope of the Zephyr Project
 SBOMs that you can trust - the good, the bad, and the ugly
 12 months of SBOMs - an experience report
 Phantom dependencies in Python (and what to do about them)
 Open Source based Software Composition Analysis at scale
 Getting lulled into a false sense of security by SBOM and VEX
 Panel discussion: Best practices managing SBOMs in the supply chain
 Sharing and reusing SBOMs with the OSSelot curation database
 The Case For Inventoring Corresponding Source in SBOMs

Read the Call for Papers at https://hackmd.io/@spdx/fosdem2024-cfp.

Event Speakers Start End

Sunday
  Welcome to the SBOM devroom
 Alexios Zavras (zvr), Adolfo García Veytia, Kate Stewart 09:00 09:05
  SPDX 3.0 - a migration journey
 Gary O'Neall 09:05 09:30
  Overview of SPDX tooling and how SPDX3 gets adopted
 Maximilian Huber 09:30 09:45
  FOSS for FOSS: DejaCode is your new FOSS control center for SBOMs
 Philippe Ombredanne 09:45 10:00
  Panel discussion: Software Naming
 Alexios Zavras (zvr), Philippe Ombredanne, Aeva Black, Kate Stewart 10:00 10:30
  SBOM: What's next?
 Vasu Chandrasekhara 10:30 10:45
  Protobom: The Universal I/O Layer of SBOM
 Adolfo García Veytia 10:45 11:00
  Know Your Ingredients: Security Starts With the SBOM
 Stephen Chin 11:00 11:30
  Make your software products trustable
 Marco Rizzi, Dejan Bosanac, Phil Cattanach 11:30 11:45
  Can SBOMs become first-class citizens in Open Source ecosystems?
 Salve J. Nilsen 11:45 12:00
  SPDX in the Yocto Project
 Joshua Watt 12:00 12:15
  How to make SPDX industry standard for AI/ML
 Cheuk Ting Ho 12:15 12:30
  Application of the SPDX Safety Profile in the Safety Scope of the Zephyr Project
 Nicole Pappler, Stanislav Pankevich 12:30 13:00
  SBOMs that you can trust - the good, the bad, and the ugly
 Daniel Liszka, Miguel Martinez Trivino 13:00 13:30
  12 months of SBOMs - an experience report
 Anthony Harrison 13:30 14:00
  Phantom dependencies in Python (and what to do about them)
 Georgios Gousios 14:00 14:30
  Open Source based Software Composition Analysis at scale
 Marcel Kurzmann 14:30 15:00
  Getting lulled into a false sense of security by SBOM and VEX
 Henrik Plate 15:00 15:30
  Panel discussion: Best practices managing SBOMs in the supply chain
 Alexios Zavras (zvr), Adolfo García Veytia, Jeff Mendoza, Arun Azhakesan 15:30 16:00
  Sharing and reusing SBOMs with the OSSelot curation database
 Caren Kresse 16:00 16:30
  The Case For Inventoring Corresponding Source in SBOMs
 Bradley M. Kuhn 16:30 17:00