Why Building Your Ship (Application) with Raw Materials is a Bad Idea!


In this session, I will talk about what companies are doing to circumnavigate these tricky waters and what types of applications are simply not able to use open source code. Then I will go over some best practices to make sure your applications are secure, robust and compliant.

More and more organizations are creating a software bill of materials (SBOMs) to find out what is in their applications. With new legislation surrounding SBOMs surfacing, we are having to comply with regulations such as certifying that the open source parts of our applications are not full of vulnerabilities and following good programming practices. But what happens if we cannot verify the source of this code? Can we simply put it down as raw materials to bypass said certification? In this session, I will talk about what companies are doing to circumnavigate these tricky waters and what types of applications are simply not able to use open source code. Then I will go over some best practices to make sure your applications are secure, robust and compliant to be delivered to your customers, with a great set of materials to keep your ship always floating.



Recording