OWASP Ottawa March 19th 2025: From SBOMs to xBOMs to Transparency


Details
Welcome to our in-person meetup at the University of Ottawa
In-Person Location:
150 Louis-Pasteur Private, Ottawa,
University of Ottawa
Room 117
We will continue to live stream on our YouTube channel (https://www.youtube.com/@OWASP_Ottawa). Subscribe to the channel and set a reminder, and you'll get a notification as soon as we go live!
YouTube Live Stream Link: https://www.youtube.com/watch?v=51ZfFE085pg
6:00 PM EST Arrival, setup, mingle, PIZZA!!!
6:30 PM EST Technical Talks
- Introduction to OWASP Ottawa, Public Announcements.
- "From SBOMs to xBOMs to Transparency" with Pavel Shukhman
Abstract:
We will discuss problems that are currently solvable by OWASP CycloneDX and its ecosystem (Vers, Purl, TEA), as well as use cases that either don't have solutions or have inefficient solutions. The talk will include a brief demonstration of OWASP Dependency-Track showing real-world SBOM data from Reliza's open source Rebom project.
Speakers:
Pavel Shukhman is Co-Founder and CEO of Reliza. He leads company efforts in building a supply chain security system that manages software and hardware metadata, including xBOMs, strict versioning, identification and various attachments. Previously, Pavel spent more than ten years leading software teams and supporting organizations in implementing DevOps and DevSecOps best practices. He holds a Master of Computer Science degree from the University of Illinois Urbana-Champaign.
