At OSPOlogy Live Frankfurt in October 2023, I gave an introduction to Software Bills of Materials (SBOMs) for the OSPO community. Everyone had heard of SBOMs by then – they seemed ubiquitous, with shiny tools sprouting up everywhere. But what were they actually all about? What were the real use cases? And what often caused practical applications to fail? This talk aimed to provide a common understanding without the marketing-speak.
The session covered the fundamental concepts of SBOMs, explored concrete use cases where they add value, and discussed the challenges organizations face when trying to implement them in practice. Drawing from my experience working with software supply chain transparency at Deutsche Bahn, I highlighted common pitfalls and offered practical insights for OSPOs looking to make sense of the SBOM landscape.
This was part of a two-day event hosted by SAP’s OSPO and co-organized with TODO Group, InnerSource Commons, LF Energy, OpenChain, SPDX, CHAOSS, and OpenSSF projects.