2025-10-04 –, ENG 103
By now most people in the industry are familiar with Bills of Materials. However, the seemingly trivial task of storing and sharing xBOMs often becomes a challenging and time-consuming process. In this talk we will introduce the OWASP Transparency Exchange API (TEA) project, which aims to standardize that process.
Many organizations currently find themselves at different stages of adoption of Bills of Materials (xBOMs). At the same time, more customers and regulators worldwide are demanding xBOMs with released products.
However, in practice there are known challenges with storing and sharing xBOMs. For instance, how can one quickly locate the xBOM for the current or previous version of a product? If a product consists of multiple components with separate xBOMs, how can we efficiently assemble an xBOM for the entire product? Additionally, how do we store and track xBOMs across different branches and versions?
The Transparency Exchange API (TEA) aims to establish a standardized approach to answering these and other related questions.
Led by OWASP, the TEA project seeks to become an Ecma standard accepted by regulators.
Pavel Shukhman is Co-Founder and CEO of Reliza, where he oversees the company's efforts in managing software and hardware releases, xBOMs, versioning and component identification. With over a decade of experience leading software teams, he has helped organizations implement DevOps and DevSecOps best practices. Pavel holds a Master’s degree in Computer Science from the University of Illinois Urbana-Champaign.