Talk
Intermediate

Demystifying SBOMs: A Deep Dive into Software Bill of Materials for FOSS Management

Approved

This talk aims to provide a comprehensive overview of Software Bill of Materials (SBOMs) within the Free and Open Source Software (FOSS) domain. It will trace the evolution of SBOMs and highlight their growing importance in security and artifact management. Key topics to be covered include:

  1. Introduction: SBOMs and Their Benefits
  2. Evolution of SBOMs: From traditional BOMs to SBOMs, SaaSBOMs, ML-BOMs (Machine Learning), CBOMs (Cryptography), etc.
  3. Industry Standards for Creating SBOMs: A look at SPDX and CycloneDX.
  4. Comparative Analysis: Evaluating SBOMs generated by different tools.
  5. Advancements in SBOMs: Including VEX and EPSS.
  6. Existing and upcoming Industry regulations
  7. Future Trends and Developments

This session will equip developers and managers with an understanding of the critical role SBOMs play in the development cycle. It will emphasize the importance of documenting third-party open source dependencies and transitive dependencies to identify security and licensing issues, both for current projects and for future scenarios where new vulnerabilities might arise.
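As an added illustration of the point above (not part of the proposal or of any project's tooling), the following Python walks a constructed CycloneDX 1.5 document: it computes the transitive dependency closure from the root component, flags reachable components whose declared license falls outside an allowlist (or is missing), and applies the embedded VEX analysis so that only findings still open on reachable components remain. It assumes the CycloneDX layout of `components`, `dependencies` and `vulnerabilities`; the package URLs, versions and vulnerability ids are constructed placeholders.

```python
import json

# Constructed CycloneDX 1.5 document for a hypothetical "demo-app"; vuln ids are placeholders.
SBOM_JSON = """{
 "bomFormat": "CycloneDX", "specVersion": "1.5",
 "metadata": {"component": {"bom-ref": "app", "name": "demo-app", "version": "1.0.0"}},
 "components": [
  {"bom-ref": "pkg:pypi/requests@2.31.0", "name": "requests", "version": "2.31.0",
   "licenses": [{"license": {"id": "Apache-2.0"}}]},
  {"bom-ref": "pkg:pypi/urllib3@2.0.7", "name": "urllib3", "version": "2.0.7",
   "licenses": [{"license": {"id": "MIT"}}]},
  {"bom-ref": "pkg:pypi/leftover@0.1", "name": "leftover", "version": "0.1"},
  {"bom-ref": "pkg:pypi/unused@3.0", "name": "unused", "version": "3.0",
   "licenses": [{"license": {"id": "GPL-3.0-only"}}]}],
 "dependencies": [
  {"ref": "app", "dependsOn": ["pkg:pypi/requests@2.31.0"]},
  {"ref": "pkg:pypi/requests@2.31.0", "dependsOn": ["pkg:pypi/urllib3@2.0.7"]},
  {"ref": "pkg:pypi/urllib3@2.0.7", "dependsOn": ["pkg:pypi/leftover@0.1"]}],
 "vulnerabilities": [
  {"id": "EXAMPLE-VULN-1", "affects": [{"ref": "pkg:pypi/urllib3@2.0.7"}],
   "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
  {"id": "EXAMPLE-VULN-2", "affects": [{"ref": "pkg:pypi/leftover@0.1"}],
   "analysis": {"state": "in_triage"}}]
}"""
BOM = json.loads(SBOM_JSON)

def transitive_deps(bom, root):
    # Walk the dependency graph from `root`; `seen` also stops on dependency cycles.
    edges = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    seen, queue = set(), list(edges.get(root, []))
    while queue:
        ref = queue.pop()
        if ref not in seen:
            seen.add(ref)
            queue.extend(edges.get(ref, []))
    return seen

def license_findings(bom, reachable, allowed):
    # Only components reachable from the root are in scope; a missing license is a finding too.
    findings = {}
    for c in bom["components"]:
        ids = {l["license"].get("id", "NOASSERTION") for l in c.get("licenses", [])} or {"NOASSERTION"}
        if c["bom-ref"] in reachable and not ids <= allowed:
            findings[c["bom-ref"]] = sorted(ids)
    return findings

def open_vulns(bom, reachable):
    # VEX states that close a finding; anything else on a reachable component stays open.
    closed = {"not_affected", "false_positive", "resolved", "resolved_with_pedigree"}
    return [v["id"] for v in bom.get("vulnerabilities", [])
            if any(a["ref"] in reachable for a in v.get("affects", []))
            and v.get("analysis", {}).get("state") not in closed]
```

Note that `unused` carries a GPL-3.0-only license but is never reported, because it is not reachable from the root: the dependency graph, not the flat component list, decides what is in scope.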

FOSS

lakshmi teja
Senior Open Source Consultant Source Code Control

Approvability: 100 % (1 approval, 0 rejections, 1 not sure)
Reviewer #1 (Approved): This is a novel topic. I will be interested in hearing more about this as a talk.

Reviewer #2 (Not Sure): I'd like to know more about the talk contents, not sure about the proposal.