Full proposal content:
Software Bill of Materials (SBOM) devroom
This devroom has run the last two years with great success, and we want to host it again in 2025. The number of submissions we received in our CfP in both years was enough to cover almost double the time allocated! We even made the decision to reject any tool-specific presentations, pushing them to a fringe event. Both years we ran almost the whole day in full room capacity (I should mention last year we were unpleasantly surprised when we realized that K.4.401 only had 60 desk seats and 16 chairs in front instead of the advertised size).
Having a Bill of Materials for software deliveries is becoming more and more important, or even crucial. Security and regulatory obligations, like the EU's recent CRA and AI Acts, require both producers and consumers of software to have complete and accurate knowledge of all components in a software package. Besides the well-known and understood problem of listing software components and their metadata, such as licensing and security-related information, the field of Bill of Materials is constantly facing new challenges. AI-related software is becoming more and more common, and this changes the fundamentals of how we think about software: it is built not only from source code, but also from the processing of datasets. In this case there is, therefore, a need to record which datasets were used, how the processing was done, and so on. The field is very much open right now and lots of people and teams are working on these issues, both from the requirements/standardization side and the implementation/tools side. We believe that open discussion on all these aspects is important for the Free Software community, and FOSDEM provides a perfect venue for it. The success of the SBOM devrooms in the last two years attests to the high interest of both presenters and audience. It should be noted that, although related discussions and individual presentations happen in various places, this devroom has been the single event dedicated to this specific problem, and the community knows it and anticipates it every year.
Full day (any)
I was one of the people involved with running the same SBOM devroom in the previous two years; my co-organizers have also indicated that they are willing to serve again. I have been deeply involved in SBOM topics for more than a dozen years, both as a volunteer and as an employee. Part of my day job is implementing such infrastructure at Intel. I am also part of the relevant community and know personally most of its members. I participate in the SPDX Steering Committee, its Technical and Legal teams, and I co-chair its Outreach team (SPDX being the international standard for SBOMs). I also participate in numerous other efforts related to SBOMs (e.g. OpenSSF, OpenChain, etc.).
https://archive.fosdem.org/2024/schedule/track/software-bill-of-materials/
https://archive.fosdem.org/2023/schedule/track/software_bill_of_materials/
https://spdx.dev/