Authors: Katie Bratman, Adam Kojak
2022-06-21

The proliferation of medical devices in healthcare environments and the reliance on third-party components in modern software design catalyzed NewYork-Presbyterian’s engagement in Software Bill of Materials (SBOM) initiatives. SBOMs provide new transparency that is essential for mitigating the risks associated with diverse software in today’s enterprise. Organizations, regardless of size or industry vertical, require a complete inventory of software, full visibility into underlying components, and comprehensive insight into vulnerabilities. NYP has developed an open source platform that provides this essential visibility and insight. Join this session to learn more about NYP’s use of SBOMs in action!
Authors: Wendy Nather
2021-09-24

tldr - powered by Generative AI

The presentation discusses the limitations and challenges of using software bills of materials (SBOMs) in cybersecurity and DevOps.
  • Automating the matching of vulnerabilities and exploits with threat intelligence and blocking them is not feasible as customers may not trust the organization to do it.
  • Not all customers know enough about their software to determine if it is safe to block something.
  • Partial remediation and tracking the timeline of remediation can be challenging.
  • Social graphs and tracing components may not be useful if customers do not know what to do with the information.
  • Consumers in the middle of the supply chain need to decide the depth at which they can investigate something and owe answers to downstream customers and partners.
  • The limits of SBOMs and the knowledge that can be obtained from them should be considered.
  • SaaS providers may not provide SBOMs for their products.