Loading…
November 12, 2024 | Salt Lake City, Utah
Learn More and Register to Attend

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for SigstoreCon Supply Chain Day 2024 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in Mountain Standard Time. To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.

The schedule is subject to change.
← Back to schedule
The SBOM Revolution: How Sigstore, in-Toto, SBOMit, and Bomctl Are Changing the Game - Ian Dunbar-Hall, Lockheed Martin & Marc Frankel, Manifest
Tuesday November 12, 2024 5:20pm - 5:50pm MST
Alpine
Software Bill of Materials (SBOMs) are no longer merely compliance checkboxes. They're indispensable tools for understanding and mitigating vulnerabilities in the software supply chain. High-profile attacks like Log4Shell, SolarWinds, and Apache Struts have underscored the critical importance of software supply chain security. Sigstore's signing and transparency features when paired with in-toto attestations offer approaches to tracking components within SBOMs and pedigree of SBOMs themselves. This talk will delve into how OpenSSF projects like SBOMit can enhance existing SBOM management strategies to address supply chain risks. We'll also explore how to effectively consume SBOMs using various platforms using bomctl.
Speakers
avatar for Ian Dunbar-Hall

Ian Dunbar-Hall

Lockheed Martin Open Source Program Office, Lockheed Martin
Ian leads Lockheed Martin's Open Source Program Office and specializes in DevSecOps and full stack engineering. Additionally he is a maintainer on SBOMit and bomctl. He is also an OpenSSF Governing Board General Member Representative.
avatar for Marc Frankel

Marc Frankel

Manifest CEO/Cofounder, Manifest
Marc Frankel is the CEO and cofounder of Manifest, a cybersecurity company delivering SBOM & software supply chain security to governments and enterprises worldwide. Marc is a passionate software supply chain security advocate and author of several resources on third-party SBOM collection... Read More →
The SBOM Revolution How Sigstore, in Toto, SBOMit, and Bomctl Are Changing the Game pdf
Tuesday November 12, 2024 5:20pm - 5:50pm MST
Alpine
  Best practices in supply chain security
Feedback form is now closed.

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link