SBOM Plugfest

Borderless Cyber is excited to host SBOM implementers and those that make and work with SBOM tools for a pre-conference plugfest. Plugfest will take place on 22 June during two different sessions to accommodate global interest.

The goals of this plugfest are to:

• Further align the different SBOM formats around the “baseline” SBOM fields,
• Confirm interoperability and uniformity between the existing standards, and
• Create a set of reference SBOMs as part of the corpus for further tooling evaluation.

Those interested in participating should register their interest with this survey: https://forms.gle/AaMVvQncPVbJrwxKA. The organizers will share the set of SBOM targets with those that sign up. This will include the same samples as the April plugfest, and several new additional targets based on feedback.

This event will require “sweat equity” – participants are expected to have generated at least one SBOM from the target set (either source or built).   Those who have signed up as producers of SBOMs and have submitted files by June 10 will receive a meeting invite to the plug fest. Invitations will also be sent to those who have demonstrated SBOM consumption capabilities by June 17.

The plugfest itself will walk through the differences in results, identify paths to resolution, and further strategies for tool harmonization. The event will focus on SBOMs in: SPDX, CycloneDX, and SWID. 

Sign up today, and please don’t hesitate to reach out if you have any questions.