SBOMs: Essential for Embedded Systems too!
Kate Stewart - Watch Now - Duration: 56:13
09:44:53 From Nathan O. : Does software supply chain also include script and software used by the developpers during development phases only ? 09:45:37 From Phil Kasiecki : I'm looking forward to checking out the Zephyr Developer Summit as I'm intrigued by Zephyr (and that began with your excellent presentation at this event last year) 09:45:42 From Patrick Little : Is there a recommended approach when using vendor specific toolchains like iAR or Keil? 09:46:52 From Leandro Pérez : I tried start with Zephyr on the ESP32... However I have many problems to set the enviroment to compile it :( I don't continue with it… What advise can you give me? 09:47:18 From Nathan O. : Is there any easily accessible tools for building SBOM for projects that don't use either Zephyr nor Yocto ? 09:48:26 From Leandro Pérez : Thanks Kate 09:57:04 From Al Anway : There are recent horror stories of package authors sabotaging their components which then break hundreds or thousands of downstream projects. I've been evaluating different Linux distributions and have been concerned about the danger of allowing the installed distro to update itself. How can users know whether it's safe to allow this? Is there SBOM adoption among distro authors and how do we find out for a given distro? 09:57:54 From Michael Kirkhart : I believe this has mainly occurred in the node.js ecosystem. 09:58:24 From Leandro Pérez : All is connected now je je 10:00:08 From Leandro Pérez : Sure Katen… Thanks 10:00:15 From Nathan O. : Thanks !