This weekend marks an exciting event for the cybersecurity community — BSides Bristol is officially kicking off! We’re thrilled to be a part of this dynamic conference, where we’ll be presenting a talk on a topic that’s rapidly gaining significance: Navigating the SBOM Landscape: Formats, Relevance, and Tooling in 2024.
What’s Our Talk About?
In recent years, the concept of a Software Bill of Materials (SBOM) has emerged as a cornerstone of modern cybersecurity practices. With growing global attention—highlighted by the US executive order aimed at enhancing national cybersecurity and the UK’s Code of Practice for Software Vendors - SBOMs are increasingly recognized as essential tools for ensuring software transparency and mitigating risks.
Our talk is designed to dive deep into the world of SBOMs, exploring why they are becoming indispensable in today’s cybersecurity framework. We’ll discuss the key SBOM formats — SPDX and CycloneDX—offering a detailed look at their features, benefits, and how they contribute to a more secure software ecosystem.
But understanding the formats is just the beginning. We’ll also provide an overview of the current SBOM tooling landscape, highlighting the technologies that are making it easier for organizations to manage and utilize SBOMs effectively. Whether you’re a developer, a security professional, or a decision-maker, this session will equip you with the knowledge to navigate the SBOM landscape confidently.
Why Should You Attend?
This talk is more than just an introduction to SBOMs. It’s a comprehensive guide to understanding their significance in today’s cybersecurity efforts. You’ll leave with a clear grasp of the different SBOM formats, the state-of-the-art tools available, and practical insights into how these can be applied to enhance software security and ensure regulatory compliance.
If you’re committed to advancing your organization’s software security practices, this session is one you won’t want to miss.
We look forward to seeing you at BSides Bristol and engaging in this important conversation about the future of software security.
Update
The slides from the talk can be found here.
Found an error or typo? File PR against this file.