Loading…
June 23 - 25, 2025
Denver, Colorado
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit North America 2025 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Mountain Daylight Time (UTC/GMT -6). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.
← Back to schedule
Using SBOMs for Linux Foundation Projects - Jeff Shapiro, The Linux Foundation & Gary O'Neall, Source Auditor Inc.
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3D
Last year we introduced the LF-SBOM, which we are now generating for many projects. Today we will provide an update on this important effort to provide SBOMs for most critical LF projects. We will review the work done to date, and go into more detail on how to use the LF-SBOM specification. We will give real world concrete examples on how to use our SBOM to generate a Security Vulnerability report, and how to generate a report of open source licenses. We will also discuss how to use our SBOMs to meet new regulations (e.g. US CISA and EU CRA) when delivering software to the government sector, and how to use our SBOM as an example when you create one for your own project.
Speakers
avatar for Jeff Shapiro

Jeff Shapiro

Director of License Scanning, The Linux Foundation
Jeff Shapiro is the Director of License Scanning for The Linux Foundation. He has 30 years of experience in the software industry, including 10 years in software auditing, open source scanning, and training developers in OSS license compliance.
avatar for Gary O'Neall

Gary O'Neall

Founder and Principal Consultant, Source Auditor Inc.
Gary is a contributor to the Software Package Data Exchange® (SPDX™) - an open standard for communicating software bill of material information, including components, licenses, copyrights, and security references. Gary has contributed several open source tools.Gary O’Neall is... Read More →
Wednesday June 25, 2025 2:10pm - 2:50pm MDT
Bluebird Ballroom 3D
  Operations Management

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Share Modal

Share this link via

Or copy link