Building the Foundation of Your SBOM and VEX Programs

Presented by

Cassie Crossley (VP of Supply Chain Security, Schneider Electric) | Cortez Frazier Jr. (Senior Product Manager, FOSSA)

About this talk

SBOMs are playing increasingly vital roles in a wide range of supply chain security, regulatory compliance, and even sales (satisfying customer requests) initiatives. However, not all SBOMs are created equal. It can be difficult to produce SBOMs that are accurate and up-to-date, provide actionable insights for security programs, and satisfy requests from sophisticated (and/or regulated) customers.

We’re delighted to host Cassie Crossley — VP of Supply Chain Security at Schneider Electric and author of the new O’Reilly book “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware” — for an upcoming webinar on how your organization can address these challenges and effectively scale your SBOM program. Cassie will share insights from her book — plus firsthand experiences leading supply chain security initiatives at Schneider Electric — to help you make critical decisions on your SBOM journey.

Topics will include:

- When in the SDLC is the best time to generate your SBOM
- How to choose between popular SBOM formats
- Methods for securely distributing SBOMs
- What VEX is and why it’s important — but has yet to be widely adopted
- The long-term vision for VEX and SBOM adoption
Up to 90% of any piece of software is from open source, creating countless dependencies and areas of risk to manage. FOSSA is the most reliable automated policy engine for vulnerability management, license compliance, and code quality across the open source stack. With FOSSA, engineering, security, and legal teams all get complete and continuous risk mitigation for the entire software supply chain, integrated into each of their existing workflows.