Open Source in Finance Forum London 2025

Ensuring licensing compliance with SBOMs isn’t just about identifying declared licenses: it requires verifying the integrity of the listed components. Without validation through identity assertions and cryptographic hashes, SBOM license data can be incomplete, misleading, or outright incorrect. This session explores how to enhance trust in SBOM-driven compliance by integrating integrity checks, ensuring the software components match their declared identities. Attendees will gain insights into best practices for verifying SBOM data, mitigating legal and security risks, and improving compliance workflows. Join me to learn why an SBOM without integrity verification is meaningless—and how to fix it.