Pavel Shukhman Presents Transparency Exchange API at Three Major Security Conferences
2025-11-10
Reliza CEO Pavel Shukhman delivered three talks on the OWASP Transparency Exchange API (TEA) at major security conferences across North America this fall, covering how organizations can discover, share, and consume xBOMs in a standardized way.
1. Transparency Exchange API: Where To Find Product SBOM?
Open Source SecurityCon 2025 - Atlanta, GA - November 10, 2025
This talk at Open Source SecurityCon 2025 explored the challenge of finding SBOMs for software products in the wild and how the Transparency Exchange API provides a standardized discovery mechanism. Pavel walked through the TEA specification, real-world adoption examples, and how ReARM implements TEA-compatible endpoints for publishers and consumers alike.
2. Transparency Exchange API: How Do You Find the SBOM for a Smart Light Bulb?
OWASP 2025 Global AppSec USA - Washington, DC - November 6, 2025
Presented at the OWASP Global AppSec USA 2025 conference, this talk used the relatable example of a consumer IoT device - a smart light bulb - to illustrate why SBOM discoverability matters beyond enterprise software. Pavel explained how TEA enables both manufacturers and consumers to participate in a transparent exchange of supply chain information, regardless of the complexity of their product ecosystem.
3. OWASP Transparency Exchange API: How We (Will) Share xBOMs
BSides Toronto - Toronto, ON - October 4, 2025
At BSides Toronto, Pavel introduced the TEA specification and its vision for how the security community will share xBOMs - SBOMs, HBOMs, VEX, and other bill-of-materials formats - across organizational boundaries. The talk covered the current state of the spec, the role of community tooling like ReARM, and the path toward broad industry adoption.