Practical Software Bill of Materials: From Generation to Distribution Workshop
CVE/FIRST VulnCon 2025 · Workshop
In the rapidly evolving landscape of software supply chain security, the Software Bill of Materials (SBOM) has emerged as a critical artifact. However, merely generating an SBOM is no longer sufficient; its true value lies in its quality, trustworthiness, and actionable insights. This comprehensive workshop, presented by Adula Garcia, Mike, and Ian at VulnCon, delved into the entire lifecycle of practical SBOMs, moving beyond simple compliance to robust security and operational efficiency.
AI review
A competent, practitioner-facing workshop on SBOM lifecycle management from credible contributors who clearly live in this space daily. The structured lifecycle framework (augmentation, enrichment, verification, signing, distribution) is sensible and the toolchain coverage is genuinely useful — protobom, bomctl, bind, parlay, GUAC all get real treatment, not just name-drops. The hands-on Gitpod approach is the right format for this material. That said, this is a workshop that teaches you *how* to use existing tools correctly, not a research talk that advances the field. The insights here are…