September 19-21, 2023
Bilbao, Spain
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2023 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Central European Summer Time (UTC/GMT +2). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Thursday, September 21 • 11:00 - 11:40
Bringing Service Security to a New Level: An Introduction to SaaSBOMs - Ivana Atanasova & Rose Judge, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

The industry has been talking for years now about Software Bill of Materials (SBOM) and how they can help resolve security and legal issues in the software supply chain. Yet as the SBOM horizon expands in scope and sophistication, we find ourselves asking: what about SBOMs for services? The truth is that bringing transparency to services via SaaSBOMs is notably more complex. On one side, we have the service itself, depending on one or more other services. Each of them has a different subscription model, transport protocols, geo location and a wide variety of risk factors with no national vulnerability database for services yet created. But that’s not all! We also have the data that flows through a service, which also goes through a variety of known and unknown additional services, regulations, access controls and so on. Can such metadata be known and structured into a cohesive SaaSBOM? How should that information be exchanged in a producer-consumer chain while protecting privacy and intellectual property? Together with the CISA Service Transparency and the SPDX SaaS Profile groups we’ve been working to answer these questions. In this talk we’ll bring visibility into the ongoing efforts around SaaSBOMs, how we approach complexities around generating them, and what’s coming next.

avatar for Ivana Atanasova

Ivana Atanasova

Open Source Software Engineer, VMware
Ivana Atanasova is an Open Source Software Engineer in VMware's Open Source Program Office, where she has contributed to a variety of projects, including Python-TUF, go-tuf, Sigstore, Tern, CHAOSS' Augur, Network Service Mesh, OpenFaaS and others. Previously, Ivana worked at the Bulgarian... Read More →
avatar for Rose Judge

Rose Judge

Senior Open Source Engineer, VMware
Rose Judge is a Senior Open Source Engineer at VMware where she co-maintains Tern, an open source container inspection tool that generates container SBOMs. Additionally, she is a member of the SPDX Steering Committee and chair of the Linux Foundation’s Automating Compliance Tooling... Read More →

Thursday September 21, 2023 11:00 - 11:40 CEST
Room 0C (Floor 0)