Archived Event
This event period has closed. The content on this page is meant for reference or informational purposes only. To view upcoming events, visit our Events page.
SBOM-a-Rama Fall 2024
CISA hosted another SBOM-a-Rama on September 11-12, 2024, at the Denver Athletic Club in Denver, CO. Day 1 was the SBOM-a-Rama as you know it, a day of presentations from across the global software community on SBOM-related topics and a chance to discuss important opportunities and issues. Day 2 featured our first SBOM-Solutions Showcase, where suppliers of commercial and open-source SBOM solutions had a chance to share how they are helping meet the needs of the community.
SBOM-a-Rama on Day 1 allowed for both in-person and virtual attendance options. The SBOM-Solutions Showcase on Day 2 was limited to in-person attendees. You can find the Federal Register Notice for this event here.
View the organizations who expressed interest in demonstrating their SBOM tools.
We will post the presentations and recordings from the event shortly.
Draft Agenda
9:00–9:10 a.m. | Welcome | Sandra Radesky CISA |
9:10–9:15 a.m. | Housekeeping | Allan Friedman CISA |
9:15–9:30 a.m. | Beyond the BOM: SBOMs in Action | James Caseja Office of the Deputy Assistant Secretary of the Army for Data Software & Engineering |
9:30–9:40 a.m. | Automating the Transparency Exchange with a Standard API - OWASP TEA | Olle Johansson Edvina |
9:40–9:50 a.m. | Information Sharing Centers as SBOM Distributors | Phil Englert Healthcare ISAC |
9:50–10:00 a.m. | SBOM Generation Reference Implementations | Viktor Petersson sbomify |
10:00–10:10 a.m. | AIBOM: Use Cases | Helen Oakley SAP |
10:10–10:20 a.m. | What Do We Do with All These SBOMs? (BOMOps) | Deanna Medina United Airlines |
10:20–10:40 a.m. | SBOM Tiger Team Q&A | |
10:40–10:50 a.m. | Break (10 minutes) | |
10:50–11:00 a.m. | Automating Supply Chain Compliance with SBOMs | Keith Ganger Lockheed Martin |
11:00–11:10 a.m. | Healthcare SBOM Proof-of-Concept Update | Ed Heierman Abbott Jennings Aske New York Presbyterian |
11:10–11:20 a.m. | SBOM Update for the Mobile Ecosystem, and Why This Matters to All of Us | Bob Lyle Finite State |
11:20 a.m.–12:05 p.m. | Discussion | |
12:05–1:05 p.m. | Lunch (1 hour) | |
1:05–1:20 p.m. | SBOM Requirements for Medical Devices | Nastassia Tamari Food and Drug Administration |
1:20–1:35 p.m. | Korea’s Effort to Build an SBOM-Based Risk Management Framework | Yunseong Choi Korea University |
1:35–1:50 p.m. | VEX in Practice | Art Manion Analygence |
1:50–2:35 p.m. | Discussion | |
2:35–2:45 p.m. | Break (10 minutes) | |
2:45–3:00 p.m. | The Right Tool for the Job! Understanding SBOM Tool Attributes to Meet Your Needs | Lynn Westfall |
3:00–3:15 p.m. | (Re)Framing SBOMs: A Refinement of SBOM Attributes for All | Kate Stewart Melissa Rhodes |
3:15–3:25 p.m. | All (Other) CISA SBOM Things | Allan Friedman CISA |
3:25–3:30 p.m. | Plugfest 2024: SBOM Interoperability Exercise | Brett Tucker Carnegie Mellon Software Engineering Institute |
3:30–3:40 p.m. | From Theory to Practice: Supply Chain Security at Splunk | Anusha Penumacha Splunk |
3:40–3:50 p.m. | Awareness, Adoption, & $Decade++; //The Next Chapter of Transparency | Josh Corman Institute for Security and Technology Audra Hatch |
3:50–4:00 p.m. | Closing Remarks | Allan Friedman CISA |