icon-carat-right menu search cmu-wordmark

SPDX SBOMs: Enabling Automation of Safety & Security Analysis

Presentation
This session was presented by Kate Stewart of The Linux Foundation at DevSecOps Days Pittsburgh, held virtually May 11, 2023.
Publisher

Software Engineering Institute

Topic or Tag

Watch

Abstract

When building systems with safety-critical considerations, having a detailed and accurate record of all the requirements, components, tests, and configuration information is essential for safety analysis. When a component-vulnerability fix comes in, though, how do you know that the system conforms with the safety claims after you apply the fix? This talk will discuss how you can leverage the Software Package Data Exchange (SPDX) software bill of materials (SBOM) data to improve the system’s automation, and make you confident that the necessary re-testing and analysis will satisfy the safety profile.