<description>&lt;p class="MsoNormal"&gt;&lt;span style= "font-size: 18.0pt; line-height: 115%;"&gt;Software bills of materials or SBOMs are critical to software security and supply chain risk management. Ideally, regardless of the SBOM tool, the output should be consistent for a given piece of software. But that is not always the case. The divergence of results can undermine confidence in software quality and security. In our latest podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jessie Jamieson, a senior cyber risk engineer in the SEI's CERT Division, sits down with Matt technical director of Risk and Resilience in CERT, to talk about how to achieve more accuracy in SBOMs and present and future SEI research on this front. &lt;span style= "mso-spacerun: yes;"&gt; &lt;/span&gt;&lt;/span&gt;&lt;/p&gt;</description>

Software Engineering Institute (SEI) Podcast Series

Members of Technical Staff at the Software Engineering Institute

Getting Your Software Supply Chain In Tune with SBOM Harmonization

OCT 23, 202523 MIN
Software Engineering Institute (SEI) Podcast Series

Getting Your Software Supply Chain In Tune with SBOM Harmonization

OCT 23, 202523 MIN

Description

Software bills of materials or SBOMs are critical to software security and supply chain risk management. Ideally, regardless of the SBOM tool, the output should be consistent for a given piece of software. But that is not always the case. The divergence of results can undermine confidence in software quality and security. In our latest podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Jessie Jamieson, a senior cyber risk engineer in the SEI's CERT Division, sits down with Matt technical director of Risk and Resilience in CERT, to talk about how to achieve more accuracy in SBOMs and present and future SEI research on this front.