SBOMs and Software Vulnerabilities: Leveraging SCA for Software Supply Chain Security

We have never seen anything raise the urgency for Software Composition Analysis (SCA) like the focus on Software Bills of Materials (SBOMs) in the cybersecurity directives from the U.S. government and the European Commission. Even before the May 2021 U.S. Executive Order (EO 14028), software security vulnerabilities had been the primary market focus for SCA solutions, based on the reasonable perception that vulnerabilities are the greatest risk.

Organizations across all industries are leveraging and extending SCA tools to reduce software supply chain risks related to vulnerabilities and licensing. The new focus on defining SBOM specifications, and processes for producing and consuming SBOMs, means that the SBOM has become the linchpin of any modern SCA process or tool.

In this webinar, nexB co-founder and CEO Michael Herzog will discuss the various SBOM specifications and approaches to SCA for analyzing software vulnerabilities and licenses. Michael will also explain how ScanCode, VulnerableCode, and DejaCode fit together to provide a multi-faceted platform for managing software supply chain risks.

SPEAKER: Michael Herzog,
nexB co-founder and CEO
Michael is the CEO and co-founder of nexB Inc., a leading supplier of open source software for Software Composition Analysis. Since 2008, nexB has focused on building best-in-class software for identifying open source software, determining its licensing, and reporting its vulnerabilities. Michael was a founding member of the SPDX project at the Linux Foundation and is active in many other industry groups. Prior to nexB, Michael held various executive positions at KPMG Consulting and Oracle.