Alexios Zavras - The Increasing Importance of SBOMs and the Latest Developments

Abstract

While other domains like construction, mechanical engineering, or even computer hardware have long used the concept of Bill of Materials (BOMs), software traditionally has not followed this best practice. There have been efforts running for over a decade to address this, and recent developments have pushed forward the use and wide adoption of Software BOMs. The presentation will delve into the growing significance of SBOMs, spurred by recent regulatory changes such as the Executive Order 14028 in the United States and the Cyber Resilience Act in the European Union, which are oriented towards managing security through the software supply chain. These changes have highlighted the necessity for a comprehensive and standardized approach to SBOMs, which are becoming increasingly crucial in the software industry. The presentation will also explore the diversification of software, particularly with the advent of Artificial Intelligence (AI). AI has expanded the traditional definition of software beyond source code to include datasets and models. This shift necessitates a broader and more inclusive understanding of SBOMs, which the presentation will discuss in detail. Furthermore, the presentation will provide an overview of the current state of the Software Package Data Exchange (SPDX), the freely available ISO standard for SBOMs. This will include an examination of its structure and the information that can be recorded. The aim of this presentation is to provide attendees with a comprehensive understanding of the importance of SBOMs in today’s software industry, the impact of recent regulatory changes, and the role of standards like SPDX. It will also offer insights into the future of SBOMs, particularly in the context of AI and other emerging technologies.

Biography

Alexios Zavras is the Chief Open Source Compliance Officer of Intel Corporation. He has been working on issues related to SBOMs for more than a decade. He currently serves as chairperson of the Outreach team and member of the Steering Committee of SPDX, and has organized the SBOM devroom in the last two FOSDEM conferences. Alexios has been involved with Free and Open Source Software since 1983, and is an evangelist for all things Open. He has presented in and helped organize a number of national and international conferences, including FOSDEM, CopyleftConf, Linux Foundation events like Open Source Leadership Summit and Open Source Summit, and academic conferences — and back in the day the SANE conference in the Netherlands. He has a PhD in Computer Science after having studied Electrical Engineering and Computer Science in Greece and the United States.

Speaker

Alexios Zavras