ONEKEY invites you to their event

What Makes a Good SBOM? Ensuring High-Quality, Actionable Software Bill of Materials

About this event

Software Bill of Materials (SBOMs) are rapidly becoming a cornerstone of modern software supply chain security, transparency, and compliance. However, simply producing an SBOM is not enough — the quality of the data, its completeness, accuracy, and machine-readability are what determine whether it can truly support vulnerability management, risk mitigation, and regulatory requirements.

Standards bodies like the National Telecommunications and Information Administration (NTIA) and the Cybersecurity and Infrastructure Security Agency (CISA) have defined minimum elements for SBOMs and recommended practices to scale their operational use across organizations. Emerging community guidance, including OWASP-related maturity models, highlights the importance of completeness, confidence, and lifecycle context in SBOMs.

In this 45-minute webinar, we’ll cut through the noise and show what truly makes a high-quality, actionable SBOM. You’ll learn how to evaluate your own SBOMs, understand common pitfalls, and build quality gates that align with standards and real-world risk workflows. We’ll then demonstrate how ONEKEY’s SBOM Management capabilities — including binary-based generation, version matching, license identification, and continuous monitoring — help you produce SBOMs that are not only compliant but useful for security, compliance, and lifecycle risk management.

During the session you will learn:

  • Why many SBOMs fail to deliver high-quality data and what “quality” actually means in practice
  • Core SBOM quality criteria based on NTIA’s minimum elements and CISA’s evolving guidance
  • How to assess SBOM completeness, accuracy, and machine-readability
  • Techniques to ensure consistency, confidence, and lifecycle continuity in SBOMs
  • How ONEKEY enhances SBOM quality through automated component detection, standardized naming, CVE matching, and VEX support
  • Practical steps to integrate high-quality SBOM generation into your product lifecycle

The session will include a live demonstration of generating and validating an SBOM, refining the data, and exporting a standards-compliant artifact that you can immediately use for vulnerability and risk workflows.
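As an added illustration of the kind of quality gate the session refers to (example code written for this page, not ONEKEY's product or the webinar demo), the script below checks a CycloneDX-style JSON SBOM against the NTIA minimum elements: supplier, component name, version, unique identifier, dependency relationship, SBOM author and timestamp. The sample SBOM is constructed for the example and the field mapping to CycloneDX keys is an assumption of this snippet.

```python
import json
from datetime import datetime

# Constructed sample, not a real product's SBOM: one complete component, one with gaps.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "metadata": {"timestamp": "2024-05-01T12:00:00Z",
                 "tools": [{"name": "example-generator"}]},
    "components": [
        {"bom-ref": "pkg:generic/busybox@1.36.1", "name": "busybox", "version": "1.36.1",
         "supplier": {"name": "BusyBox project"}, "purl": "pkg:generic/busybox@1.36.1"},
        {"bom-ref": "lib-x", "name": "libfoo"},  # no version, supplier or identifier
    ],
    "dependencies": [{"ref": "pkg:generic/busybox@1.36.1", "dependsOn": ["lib-x"]}],
})

def check_sbom(sbom_json: str) -> dict:
    """Apply NTIA minimum-element checks; return findings plus a pass/fail verdict."""
    sbom = json.loads(sbom_json)
    findings = []  # document-level gaps
    meta = sbom.get("metadata", {})
    # Author of SBOM data: CycloneDX records it under metadata.authors or metadata.tools
    if not (meta.get("authors") or meta.get("tools")):
        findings.append("missing SBOM author")
    # Timestamp: must parse as ISO 8601
    try:
        datetime.fromisoformat(str(meta.get("timestamp", "")).replace("Z", "+00:00"))
    except ValueError:
        findings.append("missing or malformed timestamp")
    components = sbom.get("components", [])
    if not components:
        findings.append("no components listed")
    # Dependency relationship: collect every ref that appears in the dependency graph
    graph_refs = set()
    for dep in sbom.get("dependencies", []):
        graph_refs.add(dep.get("ref"))
        graph_refs.update(dep.get("dependsOn", []))
    per_component = {}
    for comp in components:
        gaps = [field for field, present in (
            ("component name", comp.get("name")),
            ("version", comp.get("version")),
            ("supplier name", comp.get("supplier", {}).get("name") or comp.get("publisher")),
            ("unique identifier (purl/cpe)", comp.get("purl") or comp.get("cpe")),
            ("dependency relationship", comp.get("bom-ref") in graph_refs),
        ) if not present]
        if gaps:
            per_component[comp.get("bom-ref") or comp.get("name", "<unnamed>")] = gaps
    return {"document": findings, "components": per_component,
            "passed": not findings and not per_component}

if __name__ == "__main__":
    print(json.dumps(check_sbom(SAMPLE_SBOM), indent=2))
```

A gate like this only tests presence and shape of the data; accuracy of versions and identifiers still needs verification against the actual binaries.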

Whether you’re responsible for software security, supply chain risk management, compliance, or product assurance, this webinar will give you actionable strategies and tools to ensure your SBOMs are trustworthy, complete, and ready for real-world use.

Can’t join live? No problem — register now, and you’ll receive the on-demand recording afterward.

Hosted by

  • Sarah Holz, Team Lead Customer Success @ ONEKEY

    Sarah works with organizations to maximize the value of their product cybersecurity strategy. She supports them in operationalizing firmware analysis, driving adoption, and increasing risk transparency to achieve measurable security outcomes.

  • Quentin Kaiser, Lead Security Researcher @ ONEKEY GmbH

    Quentin Kaiser is an ex-penetration tester who turned binary analysis nerd. He's currently working as a security researcher at the ONEKEY Research Lab, where he focuses on binary exploitation of embedded devices and bug finding automation within large firmware.

ONEKEY

We automate software security & compliance of connected products at scale.

ONEKEY is a specialist in product cybersecurity for IoT & OT. Using automatically generated "Digital Twins" and "Software Bills of Materials" of devices, ONEKEY analyzes firmware for security vulnerabilities & compliance violations without source code, device, or network access.