Events

The future of SBOMs with Kate Stewart
With SBOM adoption accelerating over the past two years, new tools, standards and use cases are emerging. Kate Stewart, a pioneering force behind SPDX, and Alan Pope, Director of Developer Relations at Anchore, explore how SBOMs transformed from static documents to dynamic, database-driven knowledge systems that can scale with today’s complex software ecosystems.
This session will provide a forward-looking perspective on where SBOM technology is heading, focusing on recent developments in SPDX 3.0 and upcoming features in SPDX 3.1.
Our experts will discuss:
- The evolution of SBOMs from licensing to comprehensive transparency tools.
- The latest features and upcoming developments of the SPDX 3.0/3.1 roadmap.
- Emerging SBOM use cases such as AI/ML models, hardware components, and critical infrastructure.
- Practical approaches to generating high-quality SBOMs for maximum accuracy.

Rapid Incident Response to Zero-Day Vulnerabilities with SBOMs
SBOMs are typically thought of as a developer tool to shift supply chain security left, but the most popular SBOM use case is security incident response.
Organizations face an accelerating wave of software supply chain attacks that expose critical vulnerabilities in hidden software dependencies, such as Log4j, XZ Utils, and CUPS. These high-profile zero-day disclosures become active threats and speed is crucial: organizations must immediately identify whether they are vulnerable and remediate before malicious actors can craft an exploit. The goal isn’t just to patch quickly—it’s about focusing your resources to prevent a zero-day incident from becoming a breach.
SBOMs are a critical piece for rapid incident resolution and significantly reduce the time required to assess risk exposure.
In this webinar Josh Bressers and Sean Fazenbaker will demonstrate:
- The challenges of zero-day vulnerability security incidents
- Why an SBOM-powered inventory saves hours over manual incident analysis.
- How to generate run-time/production SBOM inventory
- How to find a zero-day vulnerability in production with a single query.

Securing Open Source Software Supply Chains – The Next Frontier of Innovation
Open source software (OSS) is the backbone of modern innovation, accelerating development and empowering businesses to build cutting-edge applications. However, as OSS components are integrated into millions of applications, software supply chains have become an increasingly attractive target for cyber threats. Without proper security measures, vulnerabilities in these supply chains can lead to widespread breaches, compliance risks, and operational disruptions.
Join us for a deep-dive discussion on securing open source software supply chains. This roundtable will explore the evolving threat landscape, best practices for mitigating risks, and strategies for balancing security with innovation. Attendees will gain actionable insights into safeguarding software supply chains without stifling the benefits of open source adoption.
Key Takeaways:
- Understanding the Risk: Explore the latest threats targeting open source software supply chains and the real-world impact of supply chain attacks.
- Mitigation Strategies: Learn how organizations are implementing security frameworks, automated tooling, and governance policies to fortify their software pipelines.
- Balancing Security and Innovation: Discover how to maintain OSS agility and developer efficiency while embedding security into the software development lifecycle.