SBOMs and Why They Can Help Make Your Software More Secure - Anthony Harrison

OWASP London
138 views - 4 months ago
"SBOMS and why they can help make your software more secure" - Anthony Harrison

With a growing interest (or maybe it is just awareness) in the Software Bill of Materials (SBOM), raised by various initiatives from governments (the US, the EU and now the UK, with the recently announced consultation on software security and resilience), SBOMs are starting (in certain markets) to form part of the development landscape. As software systems become increasingly complex, relying on an extensive (and often unknown) software supply chain, it is essential to have a full understanding of all of the components used in a solution. This applies at all stages of the life cycle, and an SBOM is considered a key artefact in providing the information needed to support a vulnerability management process. This talk will explain what an SBOM is, how and when SBOMs should be produced (and some of the challenges that need to be overcome), and demonstrate how they should form part of a DevSecOps lifecycle. I will try to supplement the talk with demonstrations using a number of open source applications.
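The abstract's central claim is that an SBOM carries the information a vulnerability management process needs: a machine-readable list of components, each with an identifier (a package URL, or purl) and a version that can be checked against advisory ranges. The script below is an added example, not code from the talk or from the speaker's own tools. It parses a CycloneDX 1.5 document, extracts each component's purl, and matches it against an OSV-style list of advisories (introduced/fixed ranges). The SBOM, the package names (acme-*) and the advisory identifiers (EXAMPLE-000x) are all constructed for this example and correspond to no real packages or vulnerabilities; it also shows two of the practical challenges mentioned in the abstract: components with no purl cannot be matched at all, and non-numeric versions cannot be safely compared and must be flagged for review.

```python
"""Match the components of a CycloneDX SBOM against advisory version ranges.

Added example; not the talk's or the speaker's code. The SBOM, the package
names and the EXAMPLE-000x advisory ids are constructed for this script so
that it runs offline. In a pipeline the SBOM comes from a generator and the
advisories from a database such as OSV (same introduced/fixed range model).
"""
import json
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

# Constructed CycloneDX 1.5 document with fictional packages.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
  "metadata": {"component": {"type": "application", "name": "demo-app", "version": "1.0.0"}},
  "components": [
    {"type": "library", "name": "acme-http", "version": "2.0.3", "purl": "pkg:pypi/acme-http@2.0.3"},
    {"type": "library", "name": "acme_yaml", "version": "5.4", "purl": "pkg:pypi/acme_yaml@5.4"},
    {"type": "library", "name": "@acme/ui", "version": "2.9.1", "purl": "pkg:npm/%40acme/ui@2.9.1"},
    {"type": "library", "name": "acme-crypto", "version": "1.2.0b1", "purl": "pkg:pypi/acme-crypto@1.2.0b1"},
    {"type": "library", "name": "vendored-blob", "version": "unknown"}
  ]
}"""

# Constructed advisories (hypothetical ids): affected if introduced <= v < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "ecosystem": "pypi", "name": "acme-http", "introduced": "0", "fixed": "2.1.0"},
    {"id": "EXAMPLE-0002", "ecosystem": "pypi", "name": "acme-yaml", "introduced": "5.0", "fixed": "5.4"},
    {"id": "EXAMPLE-0003", "ecosystem": "npm", "name": "@acme/ui", "introduced": "0", "fixed": "3.0.0"},
    {"id": "EXAMPLE-0004", "ecosystem": "pypi", "name": "acme-crypto", "introduced": "0", "fixed": "1.2.0"},
]


def parse_purl(purl: str) -> Dict[str, Optional[str]]:
    """Split pkg:type/namespace/name@version?qualifiers#subpath into parts.

    Qualifiers and subpath are dropped. The version is taken from the LAST
    '@' so an npm scope written raw as @scope is not mistaken for a version.
    """
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    body = purl[len("pkg:"):].split("#", 1)[0].split("?", 1)[0]
    path, sep, version = body.rpartition("@")
    if not sep or "/" in version:  # '@' belonged to a scope, no version present
        path, version = body, ""
    segments = [unquote(s) for s in path.strip("/").split("/")]
    if len(segments) < 2 or not segments[-1]:
        raise ValueError(f"purl has no name: {purl}")
    return {"type": segments[0].lower(), "namespace": "/".join(segments[1:-1]) or None,
            "name": segments[-1], "version": version or None}


def package_key(ecosystem: str, namespace: Optional[str], name: str) -> str:
    """Canonical name for matching: case-insensitive, and on PyPI '-' == '_'."""
    full = (f"{namespace}/{name}" if namespace else name).lower()
    return full.replace("_", "-") if ecosystem == "pypi" else full


def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted numeric versions only; '1.2.0b1' raises ValueError so the caller
    can flag it for review instead of silently mis-ordering it."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:  # 5.4.0 compares equal to 5.4
        parts.pop()
    return tuple(parts)


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """OSV-style range check; an advisory with no fix is open-ended."""
    v = parse_version(version)
    return v >= parse_version(introduced) and (fixed is None or v < parse_version(fixed))


def find_affected(sbom_json: str, advisories: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (purl, finding) pairs: the advisory id, or a review note when
    the SBOM version cannot be compared with the advisory range."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue  # reported separately by unmatchable_components()
        p = parse_purl(purl)
        if p["version"] is None:
            continue
        key = package_key(p["type"], p["namespace"], p["name"])
        for adv in advisories:
            if adv["ecosystem"] != p["type"] or package_key(adv["ecosystem"], None, adv["name"]) != key:
                continue
            try:
                hit = is_affected(p["version"], adv["introduced"], adv.get("fixed"))
            except ValueError:
                findings.append((purl, f"{adv['id']}: version {p['version']} not comparable, review manually"))
                continue
            if hit:
                findings.append((purl, adv["id"]))
    return findings


def unmatchable_components(sbom_json: str) -> List[str]:
    """Components without a purl cannot be matched to any database; treat this
    as an SBOM quality failure rather than as 'no known vulnerabilities'."""
    return [c.get("name", "?") for c in json.loads(sbom_json).get("components", []) if not c.get("purl")]


if __name__ == "__main__":
    for purl, finding in find_affected(SBOM_JSON, ADVISORIES):
        print(f"{purl}: {finding}")
    for name in unmatchable_components(SBOM_JSON):
        print(f"{name}: no purl, cannot be matched")
```

Run as-is it reports acme-http and @acme/ui as affected, leaves acme_yaml alone (its version equals the fix version, and the underscore/hyphen difference is normalised away), flags acme-crypto's pre-release version for manual review, and lists vendored-blob as unmatchable. The last two cases are where real SBOMs most often fall down: a scanner that silently skips them will report a clean build that is nothing of the sort.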

SPEAKER BIO:

Anthony Harrison
Anthony is an independent systems/software/cyber consultant, a member of the OpenSSF SBOM Everywhere working group and of the SBOM Forum. He has presented on SBOMs at FOSDEM (2022 and 2023), EuroPython 2022 and PyCascades (Vancouver). In his spare time he teaches Python at Manchester CoderDojo and acts as a mentor for Google Summer of Code (GSoC) projects supported by the Python Software Foundation.

----
This talk was presented at the @OWASPLondon on April 18th, 2024, kindly hosted by ThoughtMachine and sponsored by @CheckmarxOfficial

--
Do you want to attend OWASP London meetups in person? Follow OWASPLondon on LinkedIn/Meetup/EventBrite/Facebook/Twitter.

Please SUBSCRIBE to this channel so you get notified when new videos are published

#OWASP #OWASPLondon #SCA #AppSec
Published 4 months ago, on 1403/02/01.