DevOps Malmö Talk Request
By adding account details and/or personal information, you give permission to share your information in the public repository, including sharing on social media such as Meetup.com, Twitter, LinkedIn, etc.
Note! Please don't share any email addresses.
Speaker Info
Your Name: Lars Bendix
About Talk
Meetup Group: DevOps Malmö
Date: Tuesday, 7 March 2023
Topic: The full story of Software Bill of Materials (SBoM)
Abstract:
Why should DevOps practitioners be interested in Software Bill of Materials (SBoM)? Firstly, being responsible for “producing things” (binaries and executables), DevOps has immediate access, at the time when it is created, to the data that is needed for constructing an SBoM for a binary or executable, which makes it a lot easier and faster to construct and its data more consistent. Secondly, the use of an SBoM is not limited to searching for vulnerabilities. It has many other use cases that are very useful during the development and maintenance of a product. So DevOps will not only be “producers” of SBoMs, but can also be very active “consumers” of SBoMs in their daily work.
The American NTIA has worked hard to make SBoMs a legal requirement for delivering software to the American government - and other sectors may follow in the future. The NTIA has been very focused on cybersecurity and sees an SBoM as “a list of ingredients used for vulnerability scan”. Even if this is an important use case, an SBoM is much more than just a list of ingredients and the range of use cases for an SBoM is much wider than a simple scan for vulnerabilities. The concept of SBoM also has a much longer and varied history than recent security incidents.
In this talk, we present and motivate a number of the 10 overarching use case categories (of which “vulnerability scan” is only one) that we have distilled from an extensive literature study and numerous interviews with practitioners. Furthermore, we sketch the requirements that are needed for implementing a selected set of these use case categories. Finally, we list a number of general, cross-cutting considerations that you should take into account if you want the operation of SBoMs to be smooth and powerful.
With this knowledge DevOps practitioners will be able to utilise and exploit the concept of SBoM to its full potential and provide better service and support for development teams and organisations.
Bio:
Lars Bendix, Lund University
Andreas Göransson, QCM Malmö
Agenda:
17:30 - 17:45 Meet & Greet
17:45 - 18:30 The presentation
18:30 - 18:50 Pizza & Drinks
18:50 - 19:30 Q&A / Continued Discussion
Meta
How many people will talk?
- 1 Person (Recommended)
- 2 Persons
- 3 or more (Not Recommended)
How long will your talk be?
- 40-45 minutes (Recommended)
- 45+ minutes or more (Not Recommended)
Do you need help crafting your talk?
- Yes
- No
Do you need a specific adapter to connect to the projector? We provide HDMI and DP.
- Yes
- No
Venue to Host Meetup.
- FooCafe
- Other
Live streaming of presentation if available.
- Yes
- No