SPDX SBOMs: Enabling Automation of Safety & Security Analysis
• Presentation
This session was presented by Kate Stewart of The Linux Foundation at DevSecOps Days Pittsburgh, held virtually May 11, 2023.
Publisher
Software Engineering Institute
Abstract
When building systems with safety-critical considerations, having a detailed and accurate record of all the requirements, components, tests, and configuration information is essential for safety analysis. When a component-vulnerability fix comes in, though, how do you know that the system conforms with the safety claims after you apply the fix? This talk will discuss how you can leverage Software Package Data Exchange (SPDX) software bill of materials (SBOM) data to improve the system’s automation and be confident that the necessary re-testing and analysis will satisfy the safety profile.
Part of a Collection
DevSecOps Days Pittsburgh 2023