Artwork

תוכן מסופק על ידי Reimagining Cyber. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Reimagining Cyber או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !

Unpacking SBOMs: The Building Blocks of Software Security - Ep 103

33:11
 
שתפו
 

Manage episode 425678018 series 3361845
תוכן מסופק על ידי Reimagining Cyber. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Reimagining Cyber או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

In this episode, Stan Wisseman and Rob Aragao welcome Justin Young to explore the transformative role of Software Bill of Materials (SBOMs) in enhancing software supply chain security. Justin shares his extensive experience and insights into how SBOMs contribute to the maturation of the software industry, drawing parallels with the auto and food industries' approaches to defect and ingredient tracking.

The discussion delves into the regulatory landscape, highlighting the FDA's SBOM requirements for medical devices, the U.S. National Cybersecurity Strategy, and various compliance mandates from CISA, DORA, PCI, and the EU CRA. Justin explains the importance of shifting liability to software vendors and away from end users and open-source developers, emphasizing the need for actively maintained and secure software components.

Listeners will gain an understanding of the different SBOM formats, Cyclone DX and SPDX, and their respective advantages. Justin also addresses the challenges organizations face in managing SBOMs, including procurement, validation, and the necessity of a dedicated SBOM program manager.

Finally, the episode explores the practicalities of SBOM implementation, from storage and cataloging to enrichment and vulnerability management, offering a comprehensive guide for organizations aiming to bolster their software security practices.

Tune in to learn how SBOMs are reshaping the software industry, driving transparency, and enhancing security across software supply chains.
Relevant Links:
Episode 88: Open-Source Software: Unlocking efficiency and innovation

Episode 41: Do a little dance, Time for some SLSA

Episode 26: Log4j Vulnerabilities: All you need to know and how to protect yourself

Episode 4: SolarWinds: Bringing down the building… Software Supply-Chain Pressure Points

Whitepaper: The need for a Software Bill of Materials

Software Supply Chain Hub page

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

  continue reading

122 פרקים

Artwork
iconשתפו
 
Manage episode 425678018 series 3361845
תוכן מסופק על ידי Reimagining Cyber. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Reimagining Cyber או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

In this episode, Stan Wisseman and Rob Aragao welcome Justin Young to explore the transformative role of Software Bill of Materials (SBOMs) in enhancing software supply chain security. Justin shares his extensive experience and insights into how SBOMs contribute to the maturation of the software industry, drawing parallels with the auto and food industries' approaches to defect and ingredient tracking.

The discussion delves into the regulatory landscape, highlighting the FDA's SBOM requirements for medical devices, the U.S. National Cybersecurity Strategy, and various compliance mandates from CISA, DORA, PCI, and the EU CRA. Justin explains the importance of shifting liability to software vendors and away from end users and open-source developers, emphasizing the need for actively maintained and secure software components.

Listeners will gain an understanding of the different SBOM formats, Cyclone DX and SPDX, and their respective advantages. Justin also addresses the challenges organizations face in managing SBOMs, including procurement, validation, and the necessity of a dedicated SBOM program manager.

Finally, the episode explores the practicalities of SBOM implementation, from storage and cataloging to enrichment and vulnerability management, offering a comprehensive guide for organizations aiming to bolster their software security practices.

Tune in to learn how SBOMs are reshaping the software industry, driving transparency, and enhancing security across software supply chains.
Relevant Links:
Episode 88: Open-Source Software: Unlocking efficiency and innovation

Episode 41: Do a little dance, Time for some SLSA

Episode 26: Log4j Vulnerabilities: All you need to know and how to protect yourself

Episode 4: SolarWinds: Bringing down the building… Software Supply-Chain Pressure Points

Whitepaper: The need for a Software Bill of Materials

Software Supply Chain Hub page

Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via reimaginingcyber@gmail.com

  continue reading

122 פרקים

כל הפרקים

×
 
Loading …

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

 

מדריך עזר מהיר