All About SBOMs: The Software Bill of Materials

SBOM stands for Software Bill of Materials, and this humble but critically important document is getting a lot of airtime recently, especially after United States Executive Order 14028 issued strong guidance on requiring SBOMS for government software acquisitions. Alexios Zavras of Intel's Open Ecosystem Group and Kate Stewart of the Linux Foundation are SBOM experts who are active contributors to the SPDX SBOM standard, one popular format currently in use. In this interview, they walk us through some k...

SBOM stands for Software Bill of Materials, and this humble but critically important document is getting a lot of airtime recently, especially after United States Executive Order 14028 issued strong guidance on requiring SBOMS for government software acquisitions.

Alexios Zavras of Intel's Open Ecosystem Group and Kate Stewart of the Linux Foundation are SBOM experts who are active contributors to the SPDX SBOM standard, one popular format currently in use.

In this interview, they walk us through some key background and useful information all developers should understand about SBOMs.

 

Guests:

Alexios Zavras
Chief Open Source Compliance Officer, Intel Corp.
Alexios is part of the Open Source Program Office (OSPO) at Intel. He has 40 years’ experience in Free and Open Source software and is an evangelist of all things Open. A software licensing expert, he is an active participant in the Software Package Data Exchange (SPDX)*, OpenChain*, and the TODO Group. He frequently speaks at industry and academic conferences, including the Open Source Leadership Summit, FOSDEM, and CopyleftConf. He holds a PhD in Computer Science after having studied in Greece and the USA.

Kate Stewart
VP, Dependable Embedded Systems,  The Linux Foundation.
Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects.
She was one of the founders of SPDX (which is now ISO/IEC 5962:2021), and remains active in specification evolution and adoption. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects.  With over 30 years of experience in the software industry, she has held a variety of roles and worked as a developer in Canada, Australia, and the US and for the last 20 years has managed software development teams in the US, Canada, UK, India, and China.