SPDX SBOMs: Enabling Automation of Safety & Security Analysis
May 2023 • Presentation
Kate Stewart (The Linux Foundation)
This session was presented by Kate Stewart of The Linux Foundation at DevSecOps Days Pittsburgh, held virtually May 11, 2023.
Abstract
When building systems with safety-critical considerations, having a detailed and accurate record of all the requirements, components, tests, and configuration information is essential for safety analysis. When a fix for a component vulnerability comes in, though, how do you know that the system still conforms to its safety claims after you apply the fix? This talk discusses how you can leverage Software Package Data Exchange (SPDX) software bill of materials (SBOM) data to automate that question: using the recorded relationships between components, tests, and requirements to determine which re-testing and analysis are needed, so that you can be confident the patched system still satisfies its safety profile.
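The abstract's core idea, that SBOM relationships can drive the decision of what to re-test after a component fix, is easy to show with a small graph walk over an SPDX document. The example below is added here and is not code from the talk or from the SPDX project. It uses a constructed SPDX 2.3 JSON document (a hypothetical "pump-controller" system; the package names, SPDXIDs and namespace are invented) and the standard SPDX relationship types DEPENDS_ON / DEPENDENCY_OF, TEST_OF / TEST_CASE_OF and REQUIREMENT_DESCRIPTION_FOR / SPECIFICATION_FOR. The function names are mine. Given the SPDXID of the package that was just patched, it computes the set of transitively impacted elements, the tests and requirement documents attached to them, and, the caveat a practitioner wants, the impacted elements for which the SBOM records no test at all (where the automation would otherwise stay silent).

```python
import json
from collections import defaultdict

# Constructed SPDX 2.3 JSON document for illustration only (not from the talk).
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "pump-controller-sbom",
    "documentNamespace": "https://example.invalid/spdx/pump-controller-1.4",
    "creationInfo": {"created": "2023-05-11T00:00:00Z",
                     "creators": ["Tool: hand-written-example"]},
    "packages": [
        {"name": "pump-controller", "SPDXID": "SPDXRef-App", "versionInfo": "1.4", "downloadLocation": "NOASSERTION"},
        {"name": "motor-driver", "SPDXID": "SPDXRef-MotorDriver", "versionInfo": "2.0", "downloadLocation": "NOASSERTION"},
        {"name": "libcrc", "SPDXID": "SPDXRef-LibCRC", "versionInfo": "1.1", "downloadLocation": "NOASSERTION"},
        {"name": "libjson", "SPDXID": "SPDXRef-LibJSON", "versionInfo": "3.2", "downloadLocation": "NOASSERTION"},
        {"name": "motor-driver-unit-tests", "SPDXID": "SPDXRef-MotorDriverTests", "versionInfo": "2.0", "downloadLocation": "NOASSERTION"},
        {"name": "controller-hil-tests", "SPDXID": "SPDXRef-HILTests", "versionInfo": "1.4", "downloadLocation": "NOASSERTION"},
        {"name": "safety-requirements", "SPDXID": "SPDXRef-SafetyReqs", "versionInfo": "rev7", "downloadLocation": "NOASSERTION"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-App"},
        {"spdxElementId": "SPDXRef-App", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-MotorDriver"},
        {"spdxElementId": "SPDXRef-App", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-LibJSON"},
        # Same edge type written the other way round; both spellings must be handled.
        {"spdxElementId": "SPDXRef-LibCRC", "relationshipType": "DEPENDENCY_OF", "relatedSpdxElement": "SPDXRef-MotorDriver"},
        {"spdxElementId": "SPDXRef-MotorDriverTests", "relationshipType": "TEST_OF", "relatedSpdxElement": "SPDXRef-MotorDriver"},
        {"spdxElementId": "SPDXRef-HILTests", "relationshipType": "TEST_OF", "relatedSpdxElement": "SPDXRef-App"},
        {"spdxElementId": "SPDXRef-SafetyReqs", "relationshipType": "REQUIREMENT_DESCRIPTION_FOR", "relatedSpdxElement": "SPDXRef-App"},
    ],
})

TEST_RELS = {"TEST_OF", "TEST_CASE_OF"}
REQ_RELS = {"REQUIREMENT_DESCRIPTION_FOR", "SPECIFICATION_FOR"}


def load_spdx(text):
    """Parse an SPDX 2.x JSON document and reject anything else up front."""
    doc = json.loads(text)
    if not str(doc.get("spdxVersion", "")).startswith("SPDX-2."):
        raise ValueError("expected an SPDX 2.x JSON document")
    return doc


def dependents_graph(doc):
    """Map each element to the set of elements that directly depend on it.

    DEPENDS_ON (A -> B means A depends on B) and DEPENDENCY_OF (B -> A means
    B is a dependency of A) are normalised into the same reverse edge.
    """
    graph = defaultdict(set)
    for rel in doc.get("relationships", []):
        kind = rel["relationshipType"]
        if kind == "DEPENDS_ON":
            graph[rel["relatedSpdxElement"]].add(rel["spdxElementId"])
        elif kind == "DEPENDENCY_OF":
            graph[rel["spdxElementId"]].add(rel["relatedSpdxElement"])
    return graph


def impacted_elements(doc, fixed_id):
    """The patched element plus everything that transitively depends on it."""
    graph = dependents_graph(doc)
    seen, stack = set(), [fixed_id]
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        stack.extend(graph.get(cur, ()))
    return seen


def reverification_plan(doc, fixed_id):
    """Tests and requirement documents to re-run/re-check after fixing fixed_id,
    plus the impacted elements that have no recorded test (a coverage gap)."""
    impacted = impacted_elements(doc, fixed_id)
    tests, reqs, tested_targets = set(), set(), set()
    for rel in doc.get("relationships", []):
        kind, src, dst = rel["relationshipType"], rel["spdxElementId"], rel["relatedSpdxElement"]
        if kind in TEST_RELS:
            tested_targets.add(dst)
        if dst not in impacted:
            continue
        if kind in TEST_RELS:
            tests.add(src)
        elif kind in REQ_RELS:
            reqs.add(src)
    return {
        "impacted": sorted(impacted),
        "tests": sorted(tests),
        "requirements": sorted(reqs),
        "untested": sorted(impacted - tested_targets),
    }


if __name__ == "__main__":
    doc = load_spdx(SAMPLE_SPDX)
    # A fix lands in libcrc: motor-driver and the whole controller are impacted.
    print(json.dumps(reverification_plan(doc, "SPDXRef-LibCRC"), indent=2))
```

For the constructed document, patching libcrc pulls in the motor-driver unit tests and the controller HIL tests and flags the safety-requirements document for re-analysis, while libjson is untouched; the "untested" list reports libcrc itself because the SBOM records no TEST_OF for it, which is exactly the kind of gap a safety argument should not silently pass over. A real SBOM also needs the relationships to be present and accurate in the first place; the walk can only be as complete as the data it is given.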