SBOMs in the Real World: Practical Guidance for Managing Three Common SBOM Scenarios
CVE/FIRST VulnCon 2025 · Main Stage
In an insightful and opinionated presentation at VulnCon, Cortez Fraser Jr., Principal Product Manager at FASA, delved into the evolving landscape of Software Bills of Materials (**SBOMs**), moving beyond theoretical discussion to practical, real-world application. The talk, titled "SBOMs in the Real World: Practical Guidance for Managing Three Common SBOM Scenarios," aimed to equip security professionals and developers with actionable strategies for integrating SBOMs into their security posture. Fraser highlighted that while the concept of SBOMs has gained widespread recognition, their effective implementation and use remain a significant challenge for many organizations.
AI review
Fraser delivers a competent, practitioner-focused walkthrough of SBOM implementation across three maturity tiers. The content is well-structured and clearly drawn from real operational experience — his GE Power background running security for 1,800 developers with a three-person team gives him genuine credibility on the 'this has to actually work at scale' problem. The PURL vs. CPE argument is made clearly, the VEX/VDR distinction is handled better than most treatments of the topic, and the SSVC-simplification angle is honest about the gap between theory and practice. But this is…