SBOM SmackDown: Conquer dragons in the shadows with OWASP CycloneDX - Steve Springett

preview_player
Показать описание
Speaker
Steve Springett
ServiceNow, Sr Manager, Secure Software Engineering

Description
Software Bill of Materials (SBOM) has gained wide-spread support ranging from the software industry, to critical infrastructure, to the White House. Not all SBOMs, or SBOM formats, are created equal. In this session, transparency in the software supply chain will be highlighted along with strategies for effectively using the OWASP CycloneDX SBOM standard to make better risk-based decisions. In adherence to the Executive Order issued by the White House mandating SBOMs, the National Telecommunications and Infrastructure Administration (NTIA) has published minimum elements of an SBOM. This session will cover the minimum elements and why it's advantageous to exceed these requirements whenever possible. Example use cases will be presented that illustrate common software supply chain scenarios and how they can be represented in CycloneDX and communicated to others in the supply chain.

Managed by the OWASP® Foundation
  1. OWASP Foundation
  2. owasp
  3. appsec
Рекомендации по теме
SBOM SmackDown: Conquer 0:50:22

SBOM SmackDown: Conquer dragons in the shadows with OWASP CycloneDX - Steve Springett

SBOM SmackDown Conquer 0:50:22

SBOM SmackDown Conquer dragons in the shadows with OWASP CycloneDX Steve Springett

SBOM & CycloneDX 1:01:30

SBOM & CycloneDX with Steve Springett

Episode 1 - 0:06:16

Episode 1 - Introduction to CycloneDX SBOM Standard

How to generate 0:08:42

How to generate a Node.JS SBOM in CycloneDX format

Episode 4 - 0:07:24

Episode 4 - Anatomy of a CycloneDX SBOM

CycloneDX vs SPDX 0:02:30

CycloneDX vs SPDX

The Rise of 0:32:05

The Rise of the SBOM - Steve Springett - ESW #226

Episode 2 - 0:12:38

Episode 2 - CycloneDX SBOM Capabilities and Use Case Overview

Tool Review: CycloneDX 0:07:51

Tool Review: CycloneDX SBOM Repository

Free Software Bill 0:01:00

Free Software Bill of Materials (SBOM) Checker from SNYK & Benefits! #shorts

Tool Review: Markdown 0:02:48

Tool Review: Markdown SBOM Tool

Tool Review: CycloneDX 0:04:14

Tool Review: CycloneDX for NPM

Transparency in the 0:29:46

Transparency in the Software Supply Chain: Making SBOM a Reality

Episode 3 - 0:04:55

Episode 3 - SBOM and Software Transparency

BoF: State of 0:41:54

BoF: State of SBOM Tools - Nisha Kumar, Oracle

Tool Review: CycloneDX 0:11:33

Tool Review: CycloneDX Command Line Interface

#BCC23 | Understanding 0:29:12

#BCC23 | Understanding risk: supply chain transparency and SBOM

Patrick Dwyer -- 0:27:23

Patrick Dwyer -- CycloneDX and SBOMs

Tool Review: CycloneDX 0:06:23

Tool Review: CycloneDX Core for Java Projects

OWASP Spotlight - 0:24:49

OWASP Spotlight - Project 21 - OWASP Cyclone Dx

CSIAC Webinars - 1:00:18

CSIAC Webinars - Software Bill of Materials (SBOM)

Sign and Verify 0:00:59

Sign and Verify Software Artifacts using Sigstore Cosign #supplychain #security #softwareengineering

Tool Review: cdxgen 0:03:46

Tool Review: cdxgen