Building software today is a complicated process, involving many tools that we don’t have control over. In order to build software securely and verifiably, it’s important to understand not just what the resulting product contains but also what was used to build it. This makes detection of many types of vulnerabilities faster and easier to automate. Keith will briefly explain how some vulnerabilities in the software supply chain operate. Using only open source tools he’ll show how to identify software used along the way by using and validating SBOMs. Lastly, he’ll explain how to get notified quickly when these vulnerabilities are reported. Attendees will come away with an understanding of the importance of SBOMs in securing the software supply chain.