11:00 AM - 11:30 AM (PST)
Behold, the SBOM: Practical and Strategic Advice for Making SBOM Work for You
Software Bills of Materials (SBOMs) have gained widespread support, from the software industry to critical infrastructure operators to the White House. Not all SBOMs, SBOM formats, or methods of creation are created equal. This session highlights transparency in the software supply chain and presents strategies for using the OWASP CycloneDX SBOM standard effectively to make better risk-based decisions. Real-world examples will be discussed, along with the various methods of SBOM creation and their trade-offs. Example use cases will illustrate common software supply chain scenarios, how they can be represented in CycloneDX, and how they can be communicated to others in the supply chain.