Commit-Then-Disclose: Cryptographic SBOM Auditing Without IP Leakage - Sharvil Bhatt & Swastik Gour

CNCF
AI summary

This talk presents Commit-Then-Disclose, a cryptographic protocol that enables auditing of Software Bill of Materials (SBOM) without exposing proprietary intellectual property. The approach allows security teams to verify software components and vulnerabilities while maintaining confidentiality of sensitive implementation details. Ideal for security engineers, DevSecOps practitioners, and cloud native platform teams concerned with software supply chain integrity.