Understanding and Using the CycloneDX SBOM Standard

Presented by

Steve Springett, Chair, CycloneDX Core Working Group

About this talk

Since launching in 2017, CycloneDX has gained popularity as a lightweight software bill of materials (SBOM) specification. And, that growth has only accelerated in the months since CycloneDX was highlighted in the U.S. government's 2021 cybersecurity executive order as an approved SBOM export format. Join Steve Springett, Chair of the CycloneDX Core Working Group, for an in-depth look at the current state of the specification — and for practical guidance on using CycloneDX in your organization. We'll discuss:

- Elements of a CycloneDX SBOM
- Top CycloneDX SBOM use cases
- CycloneDX vs. SPDX and other popular SBOM formats
- Best practices for generating and importing CycloneDX SBOMs
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.