Not All SBOMs Are Created Equal - Introducing JBOM - Jeff Williams

#OWASP #CycloneDX #SBOM #JBOM #SoftwareSupplyChain

"Not All SBOMs Are Created Equal" - Jeff Williams

OWASP was the first to champion the risk of insecure components, in 2013. Since then, organizations have been slowly improving their software supply chain tools and processes. But as the Log4Shell debacle reminded us, we still have a very long way to go. The recent Executive Order on Cybersecurity has mandated the use of a “Software Bill of Materials” or SBOM, and the idea seems to be catching on rapidly. In this talk, we’ll discuss using SBOMs – both upstream and downstream in your software supply chains. Unfortunately, what shows up in an SBOM depends on how it was created. From a source code repo? A binary? A running application? How far down the stack does it go? Just the app? Application server? Platform? Container? OS? And when was the SBOM created? Latest version? Branch? We’ll also talk about some of the practical problems with using SBOMs as a way to understand your supply chain at scale. Come find out how to leverage SBOMs the right way.
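To make the abstract's point concrete, here is an added example (not code from the talk or from any OWASP project) that compares two CycloneDX JSON SBOMs describing the same application: one modelled as generated from the source repository's build manifest, the other as generated from the running application. The component lists and the "generated-from" property are constructed sample data; the script reports which components appear in only one SBOM and where the same library shows up with a different version, which is exactly the "depends on how it was created" problem the talk describes.

```python
import json

# Constructed sample SBOMs in CycloneDX 1.4 JSON form (illustrative values, not from the talk).
# SBOM_FROM_SOURCE models a BOM derived from the repository's declared dependencies.
SBOM_FROM_SOURCE = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"properties": [{"name": "generated-from", "value": "source-repo"}]},
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "group": "org.apache.commons", "name": "commons-lang3",
     "version": "3.12.0", "purl": "pkg:maven/org.apache.commons/commons-lang3@3.12.0"},
    {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
     "version": "2.13.0", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0"}
  ]
}
""")

# SBOM_FROM_RUNTIME models a BOM observed from the running JVM: it also sees the
# application server, a transitive dependency, and the jackson version actually loaded.
SBOM_FROM_RUNTIME = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"properties": [{"name": "generated-from", "value": "running-application"}]},
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-api",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"},
    {"type": "library", "group": "org.apache.commons", "name": "commons-lang3",
     "version": "3.12.0", "purl": "pkg:maven/org.apache.commons/commons-lang3@3.12.0"},
    {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
     "version": "2.13.1", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.1"},
    {"type": "library", "group": "org.apache.tomcat.embed", "name": "tomcat-embed-core",
     "version": "9.0.56", "purl": "pkg:maven/org.apache.tomcat.embed/tomcat-embed-core@9.0.56"}
  ]
}
""")


def component_key(component):
    """Identity of a component at a specific version: prefer purl, else group/name@version."""
    if component.get("purl"):
        return component["purl"]
    return f"{component.get('group', '')}/{component['name']}@{component.get('version', '')}"


def name_key(component):
    """Identity of a library regardless of version, used to detect version drift."""
    return f"{component.get('group', '')}/{component['name']}"


def index_components(sbom):
    """Map component key -> component dict for every component in the BOM."""
    return {component_key(c): c for c in sbom.get("components", [])}


def generated_from(sbom):
    """Read the (constructed) provenance property out of BOM metadata, if present."""
    for prop in sbom.get("metadata", {}).get("properties", []):
        if prop.get("name") == "generated-from":
            return prop.get("value")
    return "unknown"


def diff_sboms(a, b):
    """Components present in only one BOM, and those present in both, keyed by purl."""
    keys_a, keys_b = set(index_components(a)), set(index_components(b))
    return {
        "only_in_a": sorted(keys_a - keys_b),
        "only_in_b": sorted(keys_b - keys_a),
        "in_both": sorted(keys_a & keys_b),
    }


def version_drift(a, b):
    """Libraries that both BOMs list, but at different versions: {name: (version_a, version_b)}."""
    versions_a = {name_key(c): c.get("version") for c in a.get("components", [])}
    versions_b = {name_key(c): c.get("version") for c in b.get("components", [])}
    shared = set(versions_a) & set(versions_b)
    return {n: (versions_a[n], versions_b[n]) for n in sorted(shared) if versions_a[n] != versions_b[n]}


if __name__ == "__main__":
    report = diff_sboms(SBOM_FROM_SOURCE, SBOM_FROM_RUNTIME)
    print(f"A generated from: {generated_from(SBOM_FROM_SOURCE)}")
    print(f"B generated from: {generated_from(SBOM_FROM_RUNTIME)}")
    for bucket, keys in report.items():
        print(f"{bucket}: {len(keys)}")
        for k in keys:
            print(f"  {k}")
    for name, (va, vb) in version_drift(SBOM_FROM_SOURCE, SBOM_FROM_RUNTIME).items():
        print(f"version drift: {name} {va} (source) vs {vb} (runtime)")
```

Run as-is to see that the runtime-derived BOM lists the application server and a transitive log4j-api jar the source-derived BOM never mentions, and that jackson-databind is recorded at two different versions. The practical lesson is that an SBOM is only meaningful together with its provenance (what it was generated from, and when), so a consumer should record that alongside the BOM rather than treating any single SBOM as the complete inventory.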

SPEAKER BIO:

Jeff Williams is the co-founder and a major contributor to OWASP, where he served as the Chair of the OWASP Board for 8 years and created the OWASP Top 10, OWASP Enterprise Security API (ESAPI), OWASP Application Security Verification Standard (ASVS), XSS Prevention Cheat Sheet, WebGoat and many other widely adopted free and open projects. Jeff is the co-founder and the CTO of Contrast Security. Jeff has a BA from Virginia, an MA from George Mason, and a JD from Georgetown.

This talk was presented at the OWASP London [ONLINE] Chapter Meeting on 10-March-2022