SBOM-a-Rama Fall 2024
CISA is hosting another SBOM-a-Rama! We are excited for you to join us September 11-12, 2024, at the Denver Athletic Club in Denver, CO. Day 1 is the SBOM-a-Rama as you know it, a day of presentations from across the global software community on SBOM-related topics and a chance to discuss important opportunities and issues. Day 2 features our first SBOM-Solutions Showcase, where suppliers of commercial and open-source SBOM solutions will have a chance to share how they are helping meet the needs of the community.
SBOM-a-Rama on Day 1 allows for both in-person and virtual attendance options. The SBOM-Solutions Showcase on Day 2 will be limited to in-person attendees. You can find the Federal Register Notice for this event here.
Register to attend SBOM-a-Rama and the SBOM-Solutions Showcase.
Exhibitor registration for the SBOM-Solutions Showcase is now closed. View the organizations who expressed interest in demonstrating their SBOM tools.
Join Us!
In-person:
Where: Denver Athletic Club, 1325 Glenarm Place, Denver, CO 80204
When: September 11, 2024-September 12, 2024
Virtually:
Join the Microsoft Teams meeting now
Meeting ID: 261 383 547 830
Passcode: T9Q8WN
Dial in by phone:
+1 202-516-6093,,962562124# United States, Washington
Phone conference ID: 962 562 124#
Email SBOM@cisa.dhs.gov if you experience any issues connecting to the meeting.
Draft Agenda
9:00–9:10 a.m. | Welcome | Sandra Radesky CISA |
9:10–9:15 a.m. | Housekeeping | Allan Friedman CISA |
9:15–9:30 a.m. | Beyond the BOM: SBOMs in Action | James Caseja Office of the Deputy Assistant Secretary of the Army for Data Software & Engineering |
9:30–9:40 a.m. | Automating the Transparency Exchange with a Standard API - OWASP TEA | Olle Johansson Edvina |
9:40–9:50 a.m. | Information Sharing Centers as SBOM Distributors | Phil Englert Healthcare ISAC |
9:50–10:00 a.m. | SBOM Generation Reference Implementations | Viktor Petersson sbomify |
10:00–10:10 a.m. | AIBOM: Use Cases | Helen Oakley SAP |
10:10–10:20 a.m. | What Do We Do with All These SBOMs? (BOMOps) | Deanna Medina United Airlines |
10:20–10:40 a.m. | SBOM Tiger Team Q&A | |
10:40–10:50 a.m. | Break (10 minutes) | |
10:50–11:00 a.m. | Automating Supply Chain Compliance with SBOMs | Keith Ganger Lockheed Martin |
11:00–11:10 a.m. | Healthcare SBOM Proof-of-Concept Update | Ed Heierman Abbott Jennings Aske New York Presbyterian |
11:10–11:20 a.m. | SBOM Update for the Mobile Ecosystem, and Why This Matters to All of Us | Bob Lyle Finite State |
11:20 a.m.–12:05 p.m. | Discussion | |
12:05–1:05 p.m. | Lunch (1 hour) | |
1:05–1:20 p.m. | SBOM Requirements for Medical Devices | Nastassia Tamari Food and Drug Administration |
1:20–1:35 p.m. | Korea’s Effort to Build an SBOM-Based Risk Management Framework | Yunseong Choi Korea University |
1:35–1:50 p.m. | VEX in Practice | Art Manion Analygence |
1:50–2:35 p.m. | Discussion | |
2:35–2:45 p.m. | Break (10 minutes) | |
2:45–3:00 p.m. | The Right Tool for the Job! Understanding SBOM Tool Attributes to Meet Your Needs | Lynn Westfall |
3:00–3:15 p.m. | (Re)Framing SBOMs: A Refinement of SBOM Attributes for All | Kate Stewart Melissa Rhodes |
3:15–3:25 p.m. | All (Other) CISA SBOM Things | Allan Friedman CISA |
3:25–3:30 p.m. | Plugfest 2024: SBOM Interoperability Exercise | Brett Tucker Carnegie Mellon Software Engineering Institute |
3:30–3:40 p.m. | From Theory to Practice: Supply Chain Security at Splunk | Anusha Penumacha Splunk |
3:40–3:50 p.m. | Awareness, Adoption, & $Decade++; //The Next Chapter of Transparency | Josh Corman Institute for Security and Technology Audra Hatch |
3:50–4:00 p.m. | Closing Remarks | Allan Friedman CISA |