SBOM Chaos and Software Sovereignty: The Hidden Challenges Facing Open Source with Stephanie Domas (Canonical)

19/11/2025 26 min Season 2 Episode 22


Episode Synopsis

Stephanie Domas, Canonical's Chief Security Officer, returns to What's in the SOSS to discuss critical open source challenges. She addresses the issues of third-party security patch versioning, the rise of software sovereignty, and how custom patches break SBOMs. Domas also explains why geographic code restrictions contradict open source principles and what the EU's Cyber Resilience Act (CRA) means for enterprises. She highlights Canonical's work integrating memory-safe components like sudo-rs into the next Ubuntu LTS. This episode challenges assumptions about supply chain security, software trust, and the future of collaborative development in a regulated world.

Chapters:

00:00 - Welcome
01:49 - Memory safety revolution
02:00 - Black Hat reflections
03:48 - The SBOM versioning crisis
06:23 - Semantic versioning falls apart
10:06 - Software sovereignty exposed
12:33 - Trust through transparency
14:02 - The insider threat parallel
17:04 - EU CRA impact
18:50 - The manufacturer gray area
21:08 - The one-maintainer problem
22:51 - Will regulations kill open source adoption?
24:43 - Call to action

Episode links:

Stephanie Domas LinkedIn page
Canonical
Ubuntu
OpenSSF Global Cyber Policy Working Group (CRA & policy/standards resources)
WiTS Podcast #18 - Canonical's Stephanie Domas and Security Insight from a Self-Described "Tinkerer"
Get involved with the OpenSSF
Subscribe to the OpenSSF newsletter
Follow the OpenSSF on LinkedIn
