Supply Chain Security, SBOMs and OSPOs: An Ecosystem and Compliance Update

Explore the critical intersection of supply chain security, Software Bills of Materials (SBOMs), and the evolving role of Open Source Program Offices (OSPOs) in this 34-minute conference talk by Jeffrey Borek from IBM. Delve into cybersecurity and regulatory compliance challenges, examining the complex interplay between these domains and the evolution of enterprise software supply chains. Learn about the importance of source and build integrity, the relaunch of the Open Source Security Foundation, and its working groups. Discover the minimum requirements for SBOMs and gain insights into the Open Source Software Security Mobilization Plan. Understand how OSPOs can contribute significantly to addressing future security challenges in the open-source ecosystem.

Intro
Cybersecurity and Regulatory Compliance
Complex Interplay: Cybersecurity & Regulatory Compliance
Evolution of Enterprise Software Supply Chain
Source Integrity and Build Integrity Are Critical
Last Fall LF Relaunched Open Source Security Foundation
Open Source Security Foundation Working Groups
What Are SBOM Minimum Requirements?
Open Source Software Security Mobilization Plan
How OSPOs Can Play an Important Role Going Forward