Don’t miss out! Join us at our next event: KubeCon + CloudNativeCon Europe 2022 in Valencia, Spain from May 17-20. Learn more at [ Ссылка ] The conference features presentations from developers and end users of Kubernetes, Prometheus, Envoy, and all of the other CNCF-hosted projects.
Keynote: Approaching the SBOM: Best Practice for Software Supply Chain Security - Daniel Nurmi, Anchore
The software bill of materials (SBOM) has quickly become a critical foundation for software supply chain security. Gaining the ability to see and process the full picture of all software components included in your applications is the first step in preventing vulnerabilities and malware from reaching production systems.
The recent United States Executive Order on Improving the Nation's Cybersecurity details the need for software producers to supply SBOMs, as well as maintaining controls on the provenance of software components and tools. The U.S. NTIA has subsequently released minimum elements for a compliant SBOM. This highlights the important role of an SBOM for open source projects, whether they are incorporated in software applications or used as part of the development toolchain.
Multiple Linux Foundation and CNCF projects including SPDX, In-Toto, and SigStore are providing critical frameworks and specifications designed to advance the security of the software supply chain.
This session will explore best practices for generating SBOMs for both open source projects and software producers, we will share insights and lessons learned from creating SBOMs for CNCF projects using Syft, an open source SBOM generator, and predict ways that we see the role of the SBOM in securing software supply chains evolving over time.
