SBOM stands for Software Bill of Materials, and this humble but critically important document has been getting a lot of airtime recently, especially after United States Executive Order 14028 issued strong guidance requiring SBOMs for government software acquisitions.
Alexios Zavras of Intel's Open Ecosystem Group and Kate Stewart of the Linux Foundation are SBOM experts who are active contributors to the SPDX SBOM standard, one popular format currently in use.
In this interview, they walk us through some key background and useful information all developers should understand about SBOMs.
Guests:
Alexios Zavras
Chief Open Source Compliance Officer, Intel Corp.
Alexios is part of the Open Source Program Office (OSPO) at Intel. He has 40 years' experience in Free and Open Source software and is an evangelist of all things Open. A software licensing expert, he is an active participant in the Software Package Data Exchange (SPDX), OpenChain, and the TODO Group. He frequently speaks at industry and academic conferences, including the Open Source Leadership Summit, FOSDEM, and CopyleftConf. He holds a PhD in Computer Science after having studied in Greece and the USA.
Kate Stewart
VP, Dependable Embedded Systems, The Linux Foundation.
Kate Stewart works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects.
She was one of the founders of SPDX (which is now ISO/IEC 5962:2021), and remains active in specification evolution and adoption. Since joining The Linux Foundation, she has launched the ELISA and Zephyr Projects, as well as supporting other embedded projects. With over 30 years of experience in the software industry, she has held a variety of roles and worked as a developer in Canada, Australia, and the US, and for the last 20 years has managed software development teams in the US, Canada, UK, India, and China.