Authors: Sophie Wigmore, Frankie Gallina-Jones
2022-10-28

tldr - powered by Generative AI

The importance of generating Software Bills of Materials (S-BOMs) for containerized applications, and why a single snapshot is not enough: only repeated S-BOMs taken throughout development can reveal tampering, new versions, or changed dependencies.
  • An S-BOM for a container image records its components; comparing S-BOMs taken at different points reveals unexpected changes in the image contents, which can indicate tampering, a new component version, or a changed dependency.
  • Generating an S-BOM creates a snapshot of a container's components at one specific point in the development process.
  • Multiple snapshots across development are needed, because a change that introduces new risk is only visible by comparing a later snapshot with an earlier one.
  • Each S-BOM should be stored alongside the image it was generated for and published to the registry with it, so consumers can retrieve both together.
  • When in the pipeline an S-BOM is generated matters: a snapshot taken before a later build stage cannot reflect anything that stage changed, so the timing affects which risks can be detected.
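The comparison the summary describes, as an added example that is not code from the talk or its authors: two constructed CycloneDX-style JSON S-BOMs stand in for snapshots of the same image taken at build time and at release, and `diff_sboms` reports components that were added, removed, or changed version, plus the case a practitioner most wants flagged, a component whose version is unchanged but whose recorded hash differs. The sample S-BOMs, component names, and hash values are all made up for illustration.

```python
"""Diff two S-BOM snapshots of a container image to surface unexpected changes.

Assumption: both inputs are CycloneDX JSON with a top-level "components" list
whose entries carry "name", "version", optional "purl", and optional "hashes".
The sample documents below are constructed for this example only.
"""
import json

# Constructed snapshot taken at build time (not a real image or real hashes).
SBOM_BUILD = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "metadata": {"component": {"name": "app-image", "version": "sha256:" + "aa" * 32}},
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1q",
         "purl": "pkg:deb/debian/openssl@1.1.1q",
         "hashes": [{"alg": "SHA-256", "content": "11" * 32}]},
        {"type": "library", "name": "requests", "version": "2.28.1",
         "purl": "pkg:pypi/requests@2.28.1",
         "hashes": [{"alg": "SHA-256", "content": "22" * 32}]},
        {"type": "library", "name": "zlib", "version": "1.2.11",
         "purl": "pkg:deb/debian/zlib@1.2.11",
         "hashes": [{"alg": "SHA-256", "content": "33" * 32}]},
    ],
})

# Constructed snapshot taken at release: openssl bumped, zlib dropped, curl added,
# and requests keeps its version but its content hash no longer matches.
SBOM_RELEASE = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "metadata": {"component": {"name": "app-image", "version": "sha256:" + "bb" * 32}},
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1s",
         "purl": "pkg:deb/debian/openssl@1.1.1s",
         "hashes": [{"alg": "SHA-256", "content": "44" * 32}]},
        {"type": "library", "name": "requests", "version": "2.28.1",
         "purl": "pkg:pypi/requests@2.28.1",
         "hashes": [{"alg": "SHA-256", "content": "55" * 32}]},
        {"type": "library", "name": "curl", "version": "7.74.0",
         "purl": "pkg:deb/debian/curl@7.74.0",
         "hashes": [{"alg": "SHA-256", "content": "66" * 32}]},
    ],
})


def _component_key(comp):
    """Identify a component independently of its version: the purl with the
    '@version' suffix stripped, or type:name when there is no purl."""
    purl = comp.get("purl")
    if purl:
        return purl.split("@", 1)[0]
    return f"{comp.get('type', 'unknown')}:{comp['name']}"


def _hashes(comp):
    """Map hash algorithm -> lowercase digest for one component."""
    return {h["alg"]: h["content"].lower() for h in comp.get("hashes", [])}


def load_components(sbom_json):
    """Parse a CycloneDX JSON document into {version-independent key: component}."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    return {_component_key(c): c for c in doc.get("components", [])}


def diff_sboms(old_json, new_json):
    """Compare two snapshots and return added/removed/version-changed components,
    plus components whose version is unchanged but whose hash differs."""
    old, new = load_components(old_json), load_components(new_json)
    report = {"added": [], "removed": [], "version_changed": [], "hash_mismatch": []}
    report["added"] = sorted(new.keys() - old.keys())
    report["removed"] = sorted(old.keys() - new.keys())
    for key in sorted(old.keys() & new.keys()):
        o, n = old[key], new[key]
        if o.get("version") != n.get("version"):
            report["version_changed"].append((key, o.get("version"), n.get("version")))
            continue
        # Same declared version: any differing digest for a shared algorithm is
        # the signal worth escalating, since it cannot be explained by an upgrade.
        oh, nh = _hashes(o), _hashes(n)
        for alg in sorted(oh.keys() & nh.keys()):
            if oh[alg] != nh[alg]:
                report["hash_mismatch"].append((key, alg))
                break
    return report


if __name__ == "__main__":
    for kind, entries in diff_sboms(SBOM_BUILD, SBOM_RELEASE).items():
        for entry in entries:
            print(f"{kind}: {entry}")
```

Keying on the purl minus its version (rather than the full purl) is what lets the diff distinguish "openssl was upgraded" from "openssl was removed and a different openssl appeared", and the hash comparison only runs when versions agree, because that is the one case a legitimate rebuild should never produce.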
Authors: Katie Bratman, Adam Kojak
2022-06-21

The proliferation of medical devices in healthcare environments and the reliance on third-party components in modern software design catalyzed NewYork-Presbyterian’s engagement in Software Bill of Materials (SBOM) initiatives. SBOMs provide new transparency that is essential for mitigating the risks associated with diverse software in today’s enterprise. Organizations, regardless of size or industry vertical, require a complete inventory of software, full visibility into underlying components, and comprehensive insight into vulnerabilities. NYP has developed an open source platform that provides this essential visibility and insight. Join this session to learn more about NYP’s use of SBOMs in action!
Authors: Nisha Kumar
2021-10-13

tldr - powered by Generative AI

The presentation discusses the use of S-BOMs and container images in DevOps and cybersecurity, and the challenges of making container builds reproducible and repeatable.
  • The speaker highlights the importance of S-BOMs and container images in DevOps and cybersecurity.
  • The speaker demonstrates the use of BuildKit and TUF to make container builds reproducible and repeatable.
  • The speaker also argues that the OCI image and distribution specs need changes to support managing artifacts such as S-BOMs and signatures alongside images.
  • The presentation includes a demo of building and signing container images and S-BOMs using BuildKit, TUF, and Cosign.
Authors: Wendy Nather
2021-09-24

tldr - powered by Generative AI

The presentation discusses the limitations and challenges of using software bills of materials (S-BOMs) in cybersecurity and DevOps.
  • Automatically matching S-BOM components against vulnerability, exploit, and threat-intelligence data and then blocking them is not feasible, because customers may not trust the organization to block things on their behalf.
  • Not all customers know enough about their own software to determine whether blocking something is safe.
  • Partial remediation, and tracking the timeline of a remediation, are hard to represent and follow.
  • Social graphs and component tracing may not help if customers do not know what to do with the information.
  • Consumers in the middle of the supply chain must decide how deeply they can investigate an issue, and they owe answers to their downstream customers and partners.
  • The limits of S-BOMs, and of the knowledge that can be obtained from them, should be kept in mind.
  • SaaS providers may not provide S-BOMs for their products.