Brussels / 31 January & 1 February 2026

SBOMs and supply chains



Read the Call for Papers at https://lists.fosdem.org/pipermail/fosdem/2025q4/003702.html.

Event Speakers Start End

Sunday

  Welcome to the SBOMs and Supply Chains devroom!
Alexios Zavras (zvr), Kate Stewart, Adolfo García Veytia, Thomas Steenbergen 09:00 09:10
  The day in a life of a SBOM
Anthony Harrison 09:10 09:30
  When One Product Has Three SBOMs: Lessons from Embedded Vulnerability Management
Marta Rybczynska 09:30 10:00
  Contextual SBOMs and impact on vulnerability management
Erik Mravec, Martin Jediný 10:00 10:30
  Beyond SBOM: Integrating VEX into Open Source Workflows
Piotr P. Karwasz 10:30 11:00
  From Passive Data to Active Defense: Supply Chain Policy-as-Code with Conforma
Stefano Pentassuglia 11:00 11:30
  CRA-Ready SBOMs: A Practical Blueprint for High-Quality Generation
Viktor Petersson 11:30 12:00
  Deutsche Bahn's Approach to Large-Scale SBOM Collection and Use
Max Mehl, Henry Sachs 12:00 12:20
  How public administrations are shifting their software supply chain paradigms – and why now
Julian Schauder 12:20 12:40
  LibreOffice and Collabora Online - how we managed to automate SBOM generation for a large legacy project
Thorsten Behrens 12:40 13:00
  Forget SBOMs, use PURLs
Philippe Ombredanne, Steve Springett 13:20 13:40
  How to create the SBOM for the Linux kernel
Maximilian Huber 13:40 14:00
  What is new in SPDX 3.1 which is now a Living Knowledge Graph
Karen Bennet 14:00 14:30
  A semantic framework for modelling and analysing supply chains through SBOMs
Giacomo Tenaglia 14:30 15:00
  Bringing Functional Safety to the SBOM: Automating Compliance with the SPDX Safety Profile
Nicole Pappler 15:00 15:30
  C/C++ Build-time SBOMs with pkgconf
Ariadne Conill 15:30 16:00
  Enhancing Swift’s Supply Chain Security: Build-time SBOM Generation in Swift Package Manager
Ev Cheng, Sam Khouri 16:00 16:30
  Generating SBoMs for BuildStream projects
Abderrahim Kitouni 16:30 17:00