Open Compliance Summit 2022 has ended
In-person Event | December 7-8, 2022
View More Details

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for the Open Compliance Summit to participate in the sessions. 

Open Compliance Summit is an exclusive event for Linux Foundation members and select invitees. Attendance is limited to ensure ease of networking and collaboration. The summit (like prior) will be held under Chatham House Rule. Please consent to this rule before you request an invitation.

Please note: This schedule is automatically displayed in Japan Standard Time (UTC+9:00). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date." The schedule is subject to change.
Back To Schedule
Wednesday, December 7 • 5:10pm - 5:30pm
Satisfying Safety Standards with the SPDX Build Profile - Brandon Lum, Google & Kate Stewart, The Linux Foundation

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
When a system has functionality incorporated that could have serious consequences in terms of a person’s well being or significant loss, the details matter. The level of transparency and traceability may need to be at different levels of details based on the seriousness of the consequences. For safety standards, such as Automotive (ISO 26262), Aviation (DO 178C), and many more, tracking details of configuration management at the build level is vital. How was a piece of software built? Who was it built by? What is the toolchain that was used to build it, and how were they configured? The SPDX Build Profile provides additional extensibility on top of the SPDX SBOM standard. In this talk we will share what the build profile is and how it can be used to capture build metadata and how safety and critical compliance benefits from it.

avatar for Brandon Lum

Brandon Lum

Software Engineer, Google
Brandon loves designing and implementing computer systems (with a focus on Security, Operating Systems, and Distributed/Parallel Systems). Brandon is a Co-chair of the CNCF Security TAG, and as a part of Google's Open Source Security Team, he works on improving the security of the... Read More →
avatar for Kate Stewart

Kate Stewart

Vice President of Dependable Embedded Systems, The Linux Foundation
Kate Stewart is Vice President of Dependable Embedded Systems at the Linux Foundation. She works with the safety, security and license compliance communities to advance the adoption of best practices into embedded open source projects. Since joining The Linux Foundation, she has launched... Read More →

Wednesday December 7, 2022 5:10pm - 5:30pm JST
  Technical Sessions