Open Source Summit + Embedded Linux Conference North America... has ended
May 18-20, 2026
Minneapolis, MN
Note: The schedule is subject to change.



Tuesday May 19, 2026 2:10pm - 2:50pm CDT
Package managers do more than resolve dependencies—they shape how software and its metadata are distributed across the ecosystem. While they simplify development, they also introduce large, fast-moving transitive dependency trees that are rarely inspected in depth.
Despite evolving independently, most package managers share a common model: distributing artifacts alongside metadata. Yet metadata formats, completeness, and quality vary widely across ecosystems, creating challenges for security analysis, compliance, and supply chain risk management—especially in today’s hybrid, multi-language environments.
This talk examines how package metadata is increasingly used beyond builds, powering vulnerability management, license compliance, and Software Bill of Materials (SBOM) generation through standards such as SPDX and CycloneDX.
Based on the results from the first year of work from the CHAOSS Package Metadata Working Group—an analysis of more than 40 package managers—we’ll share emerging best practices, gaps we’ve identified, and recommendations for both new and existing ecosystems to improve metadata quality, interoperability, and transparency.
Speakers
Damián Vicino

Senior Open Source Specialist, Datadog
Damián Vicino is a Senior Open Source Specialist at Datadog’s OSPO and an Adjunct Research Professor at Carleton University. He began contributing to open source in the early 2000s, leading a local BSD user group and collaborating with a team on five BSDday Argentina events. He...
200G (Level Two)
  Packages + Images + Containers
  • Audience Experience Level: Any
  • Slides Attached: Yes
