Loading…
8 August | Hyderabad, India
Learn More and Register To Attend

The Sched app allows you to build your schedule, but it is not a substitute for event registration. To participate in the sessions, you must be registered for OpenSSF Community Day India 2025. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Please note: This schedule is automatically displayed in India Standard Time. To see the schedule in your preferred timezone, please select from the drop-down located at the bottom of the menu to the right.

Schedule is subject to change.
← Back to schedule
Going Beyond SBOM Generation: Ensuring Quality, Compliance, and Real Security Readiness - Vivek Kumar Sahu, Interlynk
Monday August 4, 2025 14:05 - 14:25 IST
Meeting Room 1 + 2
The wake up call like Log4shell vulnerability demanded clear visibility into software components to quickly identify the exploited components/dependencies. This is where SBOMs comes into role play.

But not all SBOMs are created equal.
A low-quality, incomplete, inaccurate SBOM can be just as dangerous and even non-compliant under laws like the Cyber Resilience Act(CRA).

In this Session, we will go one step further i.e beyond SBOM generation. We will cover how to assess the quality of SBOMs, enrich them with missing or incorrect data, and ensure they meet compliance standards like NTIA, CRA, OCT, and more.
Using real open source tools like sbomqs and sbomasm, will transform raw SBOMs into actionable SBOMs, i.e ready to be deployed on SBOM management platforms, share with consumers, or reported to govt bodies.

We will start with chaos of the Log4j vulnerability and walk through how a strong SBOM workflow could have made all the difference.

sbomqs: https://github.com/interlynk-io/sbomqs
sbomasm: https://github.com/interlynk-io/sbomasm/
Speakers
avatar for vivek kumar sahu

vivek kumar sahu

Open Source Developer, Interlynk
I'm passionate about open-source software and actively contribute to improving software supply chain security, with a strong focus on SBOM (Software Bill of Materials) tooling. I collaborate on projects like sbommv, sbomqs, and sbomasm — all open-source tools maintained by Interlynk... Read More →
Monday August 4, 2025 14:05 - 14:25 IST
Meeting Room 1 + 2
  20 Minutes Extended Presentation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Need help? View Support Guides
Event questions? Contact Event Planner
Powered by Sched Event Planning App
©2025 Sched About Privacy Terms
Share Modal

Share this link via

Or copy link