Start: 2025-11-15 09:00
End: 2025-11-15 13:00
Location: Lothstraße 64, 80335 München
In recent years, the SBOM (Software Bill of Materials) has become an emerging topic, addressing the need to understand and track the software supply chain and to gain a better understanding of the software composition used in our modern infrastructure.
Often-heard promises are that SBOMs make it much faster to identify and address vulnerabilities in upstream dependencies such as Log4j, or to mitigate supply-chain attacks such as the XZ Utils attack. But what does working with SBOMs actually look like? This workshop gives an orientation on the tools and standards at hand and provides practical examples of how and when to generate SBOMs, how to assess their quality, and how to merge and consume them.
Marius worked for 5 years at the German Patent and Trademark Office on the electronic patent and trademark filing systems. Since 2025, he has been working at the University of Applied Sciences Munich as a researcher and PhD student investigating the resiliency of operational technology at the HM-SecLab.
Since his master’s degree in 2023, he has been working on SBOMs and is a regular contributor to SBOM projects. Mostly, he can be found with the SBOM-Everywhere Working Group at the OpenSSF. He is one of the maintainers and developers of the SBOM-Tooling Catalog hosted by the OpenSSF.