Authors: Josh Bressers
2022-06-21

tldr - powered by Generative AI

The presentation discusses the importance of understanding the order of steps in supply chain management and the need to prioritize solutions based on the problem at hand.
  • Understanding the order of steps in supply chain management is crucial to effectively addressing problems
  • Prioritizing solutions based on the problem at hand is more effective than blindly implementing solutions
  • The speaker shares an anecdote about the challenges of vulnerability scanning and the importance of building a vulnerability management system
  • The speaker emphasizes the importance of having an SBOM as the foundation of supply chain management

Authors: Wendy Nather
2021-09-24

tldr - powered by Generative AI

The presentation discusses the limitations and challenges of using software bills of materials (SBOMs) in cybersecurity and DevOps.
  • Automating the matching of vulnerabilities and exploits with threat intelligence and blocking them is not feasible as customers may not trust the organization to do it.
  • Not all customers know enough about their software to determine if it is safe to block something.
  • Partial remediation and tracking the timeline of remediation can be challenging.
  • Social graphs and tracing components may not be useful if customers do not know what to do with the information.
  • Consumers in the middle of the supply chain need to decide the depth at which they can investigate something and owe answers to downstream customers and partners.
  • The limits of SBOMs and the knowledge that can be obtained from them should be considered.
  • SaaS providers may not provide SBOMs for their products.