Name: How Many Types of SBOM Are There?
Start: 2025-03-31T13:06:00Z
End: 2025-03-31T13:06:38.000Z
Location: BrightTALK

Black Duck is now defining the next frontier of application security. With the avalanche of AI-generated code plus expanding regulatory pressure, you need solutions that can scale, adapt, and keep pace with the demands of your business.

Black Duck meets the demands of modern software development with True Scale Application Security. In the cloud or on-prem, 100,000 lines of code or 100 million. For safety-critical systems with stringent compliance requirements or modern web apps deploying 100 times per day. Our flexible, scalable, high-precision solutions enable you to code with confidence.

Securing your software supply chain requires that you analyze dependencies for risk, harden your development pipeline, and secure the artifacts that you deploy or ship to customers. Are you prepared for the four common attack vectors that bad actors exploit?  

In this webinar, we’ll look at different types of software supply chain attacks and discuss:    

• The riskiest points of your software development lifecycle 
• Real-world examples of how attackers take advantage of upstream dependencies and build automation 
• Crucial tools and processes to help you avoid falling victim to supply chain attacks

Don’t Take the Bait: Four Software Supply Chain Attacks

The regulatory landscape is evolving constantly. Legal frameworks like the Cyber Resilience Act (CRA) and the Digital Operational Resilience Act (DORA) are redefining compliance requirements and posing significant challenges for AppSec, DevSecOps, and compliance teams. 
Do you have effective strategies in place to scale AppSec programs and maintain compliance?
Join our experts, as they explore the importance of
• Understanding regulatory impact without using AI
• Scaling AppSec programs and effectively meeting regulatory demands
• Determining who is empowered define organizational requirements
• Avoiding rework and maintain compliance

Are you willing to risk CRA Compliance to Self-Assessments?

Join us for an exclusive insider session! We’ll explore the latest trends and challenges in embedded software development. “The State of Embedded Software Quality and Safety” report uncovers key issues in the industry. It highlights the fast rise of AI, potential new risks to software quality, and a shift in what’s driving Software Bill of Materials (SBOMs) requirements.

Here's what you can expect to learn
• How “shadow AI” introduces new risks to governance, security, and IP
• The evolving skillset required for modern embedded developers
• The rising demand for SBOMs as a commercial requirement
• Strategies for balancing speed and quality in software development
• How leading organizations are managing the risks associated with AI and open source software

Get key insights into embedded software development. You'll learn to handle quality, safety, and security in an AI-driven world.

The Rise of AI and New Risks to Embedded Software Development

Join two of our cybersecurity experts for a lightning round that cuts through the hype and addresses the immediate challenges of AI in software development. We'll explore the paradigm shift that is reshaping creativity and problem-solving in development, the new frontier of AI-influenced software risk, and discuss ways in which AI coding assistants and open source AI models form the next evolution of the software supply chain crisis.
 
This session charts a course from high-level business concerns directly to the developer experience, examining:
- The business and contractual liabilities that arise when AI-generated code enters your products.
- New, instinct-driven "vibe programming" and the debate over whether this emerging methodology is a sustainable path to innovation or a source of unpredictable risk.
- How AI coding assistance alters hiring strategies and the critical role of code review by security-capable developers in an AI-driven workflow.
- Emerging attack vectors tied to the growing use of open-source AI models.
- Viable paths forward to harness the power of AI, manage its inherent risks, and minimize organizational disruption by establishing resilient and scalable safety nets within your pipeline.

AI-Assisted Disruption: How Change Impacts Dev and Sec as Organizations Pivot to AI

Join us for a webinar discussing the challenges organizations face in transitioning to PCI-DSS 4.0 and implementing new security measures. We will explore the updates to the security framework and the critical need to secure APIs to protect sensitive payment information. Don't miss this opportunity to learn about the latest in PCI-DSS 4.0 and how to effectively adapt to these new standards.

PCI-DSS 4.0 Explained

Do you know how to navigate the risks of AI-powered development? How can you establish secure DevSecOps initiatives?  
  
This presentation will highlight key aspects of the latest AI-trends and the risk implications for business operations. Get crucial insights from a roundtable discussion with industry leaders from NTT DATA Italy and AppSec Application Security Services. Key takeaways include
 
- Understanding the potential security risks of AI-powered development 
- Strategies for establishing consistent and scalable DevSecOps initiatives in AI-powered development 
- Empowering developers to create secure software

Navigating the Risks of AI-Powered Development for Secure Software

AI coding assistants are transforming business, with adoption driven both by developers seeking help and by executives seeking savings. But this evolution should not come at the cost of enterprise security or valuable intellectual property. This session explores the most urgent challenges created by AI-enabled development, contrasted by the most effective methods to mitigate them without breaking DevOps pipelines.  

Whether you are advocating for change or evaluating your options, join us as we discuss:  

- Practical solutions for rapid, automated security testing integrated within CI/CD pipelines 
- AI-powered security tools that help developers to embrace AI and security teams to accelerate at the pace of AI 
- Mechanisms to protect valuable intellectual property as AI code generators leverage licensed source material 
- Emerging attack vectors baked into open source AI models and how to address them

Embrace AI coding assistants while efficiently managing risk

The EU created the Digital Operational Resilience Act (DORA) to help the financial sector withstand, respond to, and recover from Information and Communication Technology (ICT) disruptions.  But what does that mean from a security testing perspective?
 
Join this webinar to get practical and tactical advice on how to address testing requirements. We’ll cover:
 
• An in-depth look at DORA with a focus on articles 25 and 26 (testing)
• It’s impact on the financial sector and vendors that support them
• Best security testing practices to satisfy DORA requirements

DORA and Software Security

Forcing AppSec tests into developer pipelines, without aligning them to their preferred tools, can lead to inefficiencies and security oversights. Security teams need full risk visibility and developers need to meet shipping deadlines. While developers should not take full responsibility for security testing, they must be able to initiate, support, and benefit from it without changing their existing workflows. 

The most effective and efficient way to accomplish this is with out-of-the-box integrations and security testing templates that work natively with leading DevOps platforms like GitHub, GitLab, and Azure DevOps (ADO) to automate critical AppSec tests and quickly close feedback loops with developers. Join Black Duck as we discuss: 

Using DevOps platforms’ automation templates to embed AppSec into CI pipelines 

- Making security scans and fix pull requests an automatic part of dev workflows 
- Reducing risk and issue backlogs with developer security training and clear fix guidance 
- Accelerating AppSec using AI-enabled DevOps and security tools 

Start making life easier for developers and AppSec teams with integrated security testing for GitHub, GitLab, ADO, and more.

Developer-First Security: How to Automate Security Tests with GitHub, GitLab, and more

Securing software takes teamwork—a unified approach from development through testing and into production. But each team has a distinct set of requirements and workflows that need to align to realize a concerted push for security. And while developers influence risk posture, they are often not trained in or focused on software security practices.

How can you make the effort that developers and DevOps teams are already putting in more valuable to the business? What's the best way to cultivate highly security-conscious developers so your software becomes more secure over time? Is there a way to derive tangible benefits for the business, the team, and the individual?

Join us as we break down a five-step process with real-world applicability. Topics include

• The critical distinction between developers' security awareness and their security capability
• Mechanisms to automate risk detection and accelerate remediation across the pipeline, including at the developer desktop
• How to establish security gates in DevOps pipelines in a way that doesn't derail development or lead to missed shipping deadlines
• How to create a DevSecOps initiative that can evolve with the business and enable developers to sustain security requirements as part of their day-to-day
• Ways to maximize security's value to the business and its customers

5 Steps to Achieving Developer-First Security

There are three regulations that every software development team should be aware of: NIST Secure Software Development Framework (SSDF), the EU Cyber Resilience Act (CRA), and the FDA Cybersecurity Requirements for Medical Devices. What’s your regulation IQ? 

Join this webinar to learn how to navigate these regulations to secure your software supply chain. We’ll cover:  

- Key requirements, commonalities, and differences across the three regulations  
- The importance of an SBOM in dependency tracking and risk management 
- Best practices for complying with these cybersecurity standards  

Register now.

Software Supply Chain Security: Navigating NIST, CRA, and FDA Regulations

As with all things tech, software development has been in a constant state of evolution since its infancy. Generative AI, however, has the potential to disrupt software development as we know it.
There are significant benefits offered by generative AI, but there are risks as well, including security risks. In its brief history, AI has generated buggy code, taken code from open source repositories without licensing considerations, and generated incorrect code.
In this webinar, you will learn
• What AI is and how it is used in the SDLC
• The ways AI is changing how software is being built
• The risks, drawbacks, and concerns of using AI
• How to benefit from AI while managing risks

How Generative AI is Changing the SDLC

As open source software continues to reshape the technology landscape, legal and compliance challenges have evolved at an unprecedented pace. This comprehensive annual review examines the most significant legal developments in open source during 2025, providing critical insights for legal counsel, compliance officers, and M&A professionals navigating the increasingly complex intersection of open source licensing, intellectual property, and corporate risk.

What You'll Learn:

• Litigation Landscape: Key developments in the Vizio lawsuit and other potential precedent-setting cases.
• AI and Open Source Convergence: Legal implications of AI-powered models from DeepSeek, Hugging Face, and OpenAI's open-weight releases, plus updates on AI-generated code contributions and the GitHub Copilot litigation.
• Strategic License Changes: High-profile transitions including Redis and Bitwani, and the emerging trend of time-delayed license changes.
• Ecosystem Governance: Leadership changes at the Open Source Initiative, plus updates regarding OpenChain, the Linux Foundation, and OpenStack.
• Emerging Risk Areas: Font licensing complexities and the Shai-Hulud npm malware attack's implications for supply chain security and compliance.
 
Join us for this essential annual briefing to stay ahead of the legal trends shaping open source in 2026 and beyond.

The 2025 Open Source Year in Review

In September 2025, the Shai-Hulud worm compromised over 500 npm packages, exploiting phishing and self-replicating malware to steal credentials and disrupt software supply chains. This brief webinar explores the attack’s mechanics, from phishing maintainer credentials to spreading malicious updates, and its devastating impact, including cloud breaches and ransomware risks. Learn how Black Duck’s Software Composition Analysis (SCA) tool rapidly detects and remediates vulnerabilities like Shai-Hulud, empowering teams to secure their open-source dependencies in minutes. Join us for a concise overview and live demo showcasing actionable defense strategies for developers and security professionals.

Unmasking Shai-Hulud: Defending Against the Latest npm Supply Chain Attack

See how our native GitHub App makes it easy to bring Black Duck’s security tools right into your development workflow. With automated scanning, easy onboarding, and flexible scan triggers, you can manage security without ever leaving GitHub. This integration helps teams work faster, stay secure, and improve the developer experience—whether you're handling one project or many.
 
Join this exclusive session to learn:
- Deliver security findings directly as pull request comments
- Generate automatic fix PRs when vulnerabilities are detected
- Seamlessly integrate with the GitHub Advanced Security dashboard
- Enable custom policy controls for pull request checks

Black Duck for GitHub: Seamless Security Integration

Software is the backbone of many businesses today. Even though secure and reliable code is important, it's harder than ever to follow coding rules because apps are complex, open source is common, and security threats keep changing.

In this webinar, we’ll discuss:  
• How policy-driven scans help ensure your software meets compliance 
• Testing your software early in the SDLC when issues are easiest to resolve 
• Tracking and prioritizing the defects that are most critical to your software 
• Generating custom reports that prove compliance to your leadership team  

Ensure your software complies with the coding standards that are most important to your business. Register today.

Proving Code Compliance to Leadership

In February 2024, the NIST Cybersecurity Framework (CSF) 2.0 update was released, featuring the latest advancements. This update brings a host of transformative changes, expanding the framework's scope. It also provides stronger governance and supply chain risk management. There are also refining metrics for assessing cybersecurity effectiveness. 

Join this webinar to learn about
• The long-anticipated CSF 2.0 update
• The implications of the changes in the 2.0 update 
• Leveraging these changes to improve current cybersecurity programs

Embracing the Future of Cybersecurity with NIST CSF 2.0

The tech M&A landscape is rapidly evolving with the pervasive integration of AI into target company applications. As machine learning, Generative AI, and other intelligent technologies become central to innovation, traditional software due diligence is no longer enough. This session addresses the critical new dimensions of risk and opportunity that AI introduces to acquisitions.

Join us for a practical framework designed to equip M&A principals and legal counsel with the tools to thoroughly assess AI-driven targets. We’ll dive into the essential areas you must explore, from evaluating model provenance and performance to navigating complex data governance and ethical considerations.

Key takeaways will include how-to effectively assess:

• AI Footprint: Understanding the strategic implementation and problem-solving capabilities of AI.
• Security Risks: Comprehensive data protection, access control, and penetration testing for AI systems.
• Legal & IP Risks: Clarifying model and training data ownership, alongside API terms.
• Quality & Reliability Risks: Ensuring performance, effective retraining, and model explainability.
• Regulatory & Compliance Risks: Navigating emerging regulations like the EU AI Act and critical data privacy concerns.

M&A's New Frontier: Assessing AI Software Risk in Your Next Deal

AI coding assistants and open source AI models are revolutionizing productivity and innovation. But these new resources introduce a systemic challenge that impacts the entire pipeline. How do we embrace innovation without introducing invisible risk at astonishing scale? Does AI-enabled development threaten the value of the assets that drive your business? This session shows the results of a new study on this shared reality. It shows a way to get security and compliance done that doesn’t stop development teams.
We’ll address the main worries of technology executives and effective approaches to handling risks caused by AI. It's time to align development and security teams. You may ask how? Through integrated tools that make secure coding a natural part of daily workflows.
What’s in it for you?
• Gain exclusive insights from new research on AI adoption and its security implications
• Learn practical strategies to manage AI-generated risks in development pipelines
• Discover how to align Security and Development for frictionless, secure innovation

Secure or Sorry? What AppSec Leaders Must Know About AI Adoption

Open source software powers modern development—but it also introduces risks. From direct and transitive dependencies to container images, these risks can enter your applications in many ways, often without full visibility. 

Join this webinar to learn

• The common entry points for open source in your applications
• The risks of unmanaged open source, including vulnerabilities and license issues
• Best practices for securing and governing open source usage
• Tools and strategies for maintaining compliance and visibility

Whether you're a developer, security professional, or compliance lead, this session will help you build safer, more resilient software.

The Open Source Wildcard: Don't Roll the Dice on Risk

Securing your software supply chain begins with knowing what’s in your code. With AI-generated code and ubiquitous open source software use, it’s never been more critical to understand what risks your software may contain. In fact, last year alone we found that 81% of codebases contained a high-/critical risk vulnerability.
 
Join this webinar as we explore the findings from the 2025 “Open Source Security and Risk Analysis” report. We’ll cover:
 
• The state of open source software security
• Tips for mitigating risks and keeping vulnerabilities out of your supply chain
• How to protect against security and IP risks from AI coding tools

The 2025 Guide to Open Source Security and Risk

There is no shortage of buzz around generative artificial intelligence (GAI). GAI can be used in software development to generate and augment code which saves times and reduces development cycles. But using AI in software development comes with its own set of risks.

Join this webinar to get an introduction to GAI and how you can minimize risk when using it in your organization. We’ll cover:

• What GAI is and how machines learn
• Legal issues with AI including copyright, web scraping, and more
• Overview of current litigation
• Practical approaches to using GAI while minimizing risk

Best Practices for Using AI in Software Development

Modern applications are no longer created from scratch; instead they are constructed of various components, including open source code that is often developed by individuals outside the organization. Our research reveals that open source code makes up 76% of the average application.

Although leveraging open source software provides access to external expertise, it also entails responsibilities for organizations. Ensuring the security, compliance, and quality of the code is crucial. This is where software composition analysis (SCA) plays a significant role.

Join this discussion that explores the following topics:

o What SCA is and how it functions
o Addressing risks through SCA
o Key elements of an effective SCA solution
o Building a comprehensive open source risk management program with SCA

What Is Software Composition Analysis?

Understanding the risks associated with open source software has become the norm in tech due diligence, but not all approaches are created equal. Knowing what’s in the software you’re acquiring is the first step. Few targets are able to produce an SBOM and when they do, it tends to be about 50% accurate. Is “good enough” good enough for M&A?

Join this live Synopsys webinar to learn how a purpose-built M&A open source audit differs from open source management tools and why it matters in tech due diligence. We’ll cover:

• The risks associated with open source software 
•Why depth of analysis matters, and what it results in during M&A diligence
•Why accuracy, reporting and expert human analysis are keys to thorough diligence

Don’t miss this informative webinar. Register today.

Open Source Software Audit vs Scan: What’s Right for M&A?

Log4Shell, SolarWinds, CodeCov, and the npm package repository are all associated with some type of software supply chain risk or incident, but each represents completely different attack vectors. As we depend more on build and release automation and third- party dependencies, we need to better understand how threat actors exploit them to attack the consumers of software.  In this session, you’ll learn
• The riskiest points of your software development life cycle
• The four most common supply chain attacks, with real-world examples
• How to create a firewall around the software supply chain to protect your software and your customers

Four Types of Supply Chain Attacks Development Teams Should Worry About

Open source and third-party software make up the bulk of code in today’s applications. Open source has become so integral to modern development that security and development teams struggle to identify all the components in their software. AI code generation only adds to the difficulty.  

From license compliance issues to security vulnerabilities to reliance on stagnant projects, it’s never been more critical to know what’s in your code. It’s table stakes for addressing these risks.  

Join this webinar to hear top open source legal experts discuss how to minimize risks while leveraging open source in software development and M&A. We’ll cover:  

- Roots of open source 
- Examination of the risks 
- Overview of the most popular open source licenses  
- Guidelines for managing

Fundamentals of Open Source Risk Management

The Ultimate Guide to Managing Open Source

As far as the Cybersecurity and Infrastructure Security Agency (CISA) is concerned, there are six types of SBOMs that can be created for a single application or piece of software; neither of which will be identical. While CISA doesn’t have a favorite type of SBOM, you may find that your organization, vendors, or customers prefer some over others. As such, it’s important to understand what to expect from each type, how to generate them, and be prepared to reconcile the differences across them.

Learning objectives:
• Become familiar with the six types of SBOM
• Understand the benefits and limitations of each type
• Know the methods and tools required to generate each type

How Many Types of SBOM Are There?

SBOM

Software Bill of Materials

Software Security

Application Management

Application Development

SDLC

Open Source

Supply Chain

Cyber Security

Intellectual property law is crucial to ensuring that you or your organization have exclusive rights to that assets that you’ve created. The BrightTALK intellectual property community has thousands of professionals focused on learning and exchanging information about intellectual property management, intellectual property software and how to protect intellectual property. Join the community for access to free, interactive presentations or attend live webinars to have your questions answered by IP lawyers and industry experts.

Intellectual Property

The legal community on BrightTALK combines the fields of employment law, e-discovery, intellectual property and environmental law to create a thriving ecosystem of legal resources. Attend live and on-demand webinars dealing with employment contract law, e-discovery solutions, intellectual property software and sustainable development from leading lawyers and legal professionals to gain knowledge in a wide range of fields. Join the community and be part of the conversation by attending live legal webinars and connecting with industry thought leaders.

Legal

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Internal audit and compliance professionals are facing increasingly stringent regulatory requirements when it comes to compliance reporting and internal control procedures. Join the audit and compliance community to learn best practices from thought leaders on topics such as regulatory compliance, internal audit checklists and audit program strategies.

Audit and Compliance

Get powerful market trends insights that are shaping the M

Mergers and Acquisitions

The accounting and finance community on BrightTALK features presentations from leading accountants and finance professionals. The accounting community includes tax planning strategies, QuickBooks webinars and other accounting webinars, while the finance community features presentations on financial capital regulations and forensic data analytics. Join the conversation by attending live financial and accounting presentations and connecting with industry thought leaders.

How Many Types of SBOM Are There?

Presented by

About this talk

Black Duck