In today’s rapidly evolving software landscape, organizations face a critical decision: write it all yourself or rely on someone else’s code. Writing it yourself consumes endless hours of time and loads of money, and leaves you supporting that code for the foreseeable future. Relying on external dependencies can be a significant shortcut, but it comes with a plethora of challenges ranging from vulnerability management to compliance risks. This talk chronicles our journey from chaos to control in software supply chain management, focusing on the implementation of a robust Software Bill of Materials (SBOM) strategy. We’ll explore how SimpleRisk transformed from having no visibility into our software dependencies to establishing a fortified “SBOM Shelter” – a comprehensive system for dependency management and automated SBOM generation within our CI/CD pipeline. Whether you’re just starting your SBOM journey or looking to fortify your existing processes, this talk will provide valuable strategies for building a more secure and transparent software supply chain and for transforming vulnerability into resilience, brick by brick. Discover how to not just weather the dependency storm, but thrive in it.