filmov
tv
Limiting Supply Chain Risk with Dependency-Track
Показать описание
Abstract:
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
Discover the benefits of leveraging CycloneDX Software Bill of Materials along with OWASP Dependency-Track to identyify risk across a wider range of use cases.
About Steve Springett:
Steve educates teams on the strategy and specifics of developing secure software.
He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.
Steve's passionate about helping organizations identify and reduce risk from the use of third-party and open source components. He is an open source advocate and leads the OWASP Dependency-Track project, OWASP Software Component Verification Standard (SCVS) project, CycloneDX software bill of material standard, and participates in several related projects and working groups.
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
Discover the benefits of leveraging CycloneDX Software Bill of Materials along with OWASP Dependency-Track to identyify risk across a wider range of use cases.
About Steve Springett:
Steve educates teams on the strategy and specifics of developing secure software.
He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive programming techniques.
Steve's passionate about helping organizations identify and reduce risk from the use of third-party and open source components. He is an open source advocate and leads the OWASP Dependency-Track project, OWASP Software Component Verification Standard (SCVS) project, CycloneDX software bill of material standard, and participates in several related projects and working groups.
0:56:13
0:11:09
0:04:50
0:08:17
0:59:29
0:38:40
0:26:53
0:59:37
0:55:34
1:01:22
1:03:24
0:02:48
0:30:12
1:03:28
0:53:28
0:15:35
0:06:36
0:08:46
0:01:32
0:39:39
1:01:33
0:56:34
0:56:22
0:59:24