BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.troopers.de//tr26-cfp//speaker//MWERYW
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-tr26-cfp-WZ9YRV@cfp.troopers.de
DTSTART;TZID=CET:20260624T120000
DTEND;TZID=CET:20260624T130000
DESCRIPTION:This talk is about the nasty corner cases in generating an SBOM
 . A noble and justified demand\, by both customers as well as regulators a
 like\, but with so many more obstacles than initially expected. We were na
 ive. We thought "how hard can it be to list all software components in a p
 roduct?".\n\nWith increasing regulatory demand i.e.\, the cyber resilience
  act\, we would like to share some of the observations we made. Some of th
 e challenges we encountered will seem familiar to people working on the su
 bject\, some may be completely new for you. They will cover legacy softwar
 e\, how naming things can be hard\, technical debt\, issues with the NIST 
 CVE data enrichment (or lack thereof)\, and more.\n\nSpoiler: AI won't hel
 p you here.
DTSTAMP:20260510T025716Z
LOCATION:Track 3
SUMMARY:Our Journey\, from SBOM to ASSBOMB - Martin Schmiedecker
URL:https://cfp.troopers.de/tr26-cfp/talk/WZ9YRV/
END:VEVENT
END:VCALENDAR