daBOM with Trac Bannon and DJ Schleen
**DJ Schleen:** I’ll never forget the day I met Tracy, although I really think we were actually separated at birth. We were scheduled to be on a podcast together and after introducing ourselves to each other in the call lobby, we began a discussion that most likely would’ve gone on forever had the host not interrupted us to get the show started.

[…]

**DJ Schleen:** You also said DevSecOps. How are you seeing SBOMs being used in that whole DevSecOps process and community?

**Trac Bannon:**
Oh, you’re going to ask me to open the kimono on what’s going on with DevSecOps and the SBOM? When it comes to software, we’ve been doing dependency management, I’m going to use that term for right now. We’ve been doing dependency management for decades, and when somebody fails to do decent dependency management, when there’s a problem, they get into a predicament.
SBOM happened to be an industry-wide embodiment of what we’re doing with dependency management, especially since we had the explosion of open source.
When I think about doing development today versus doing development even 10 or 15 years ago, the sheer number of packages that are being brought down, the sheer number of external things that are being deposited into my ecosystem is mind boggling.