Coming Soon: OpenChain @ OSS Security Technology Workshop (OWS) 2025

2025-10-03, News

The Event:

OSS Security Technology Workshop (OWS) aims to encourage interaction between the corporate OSS community and academia, thereby stimulating research on OSS security and movement toward its practical application. OWS 2025 will be a key event to share knowledge and experience.

The Speakers:

Kobota San and Namae San of Sony (and the OpenChain community) will be speaking in Okayama on the 28th of October at 15:50.

Title:

Improving SBOM Quality: Practitioner Challenges and Initiatives to Strengthen Software Supply Chain Trust

Abstract:

This presentation examines the critical role of high-quality SBOMs in regulatory compliance and software supply chain hardening. An SBOM is essential for robust security management and compliance with OSS licenses. However, as things stand at present, many implementations are inadequate – for example, a “Source SBOM” is often unable to capture real binaries or runtime components, while a “Build SBOM” generated via CI/CD pipelines tends to rely on package metadata, resulting in incomplete or mismatched data. Sony is focusing its efforts on the OpenChain project, developing SBOM Document Quality Guides based on ISO/IEC 5230 and ISO/IEC 18974, implementing measures such as ESSTRA, software for embedding source code details of executable binaries released by Sony as OSS, and providing upstream OSS packages in collaboration with the Debian community.
