Log4Shell and SpringShell were stark reminders that much of the code running in our systems was not written by us, and of how much responsibility rests on the maintainers we depend on.
The issuance of Executive Order 14028 by the US President brought the need to strengthen the nation's cybersecurity into the public spotlight. That directive marked the start of the SBOM frenzy, which gained further momentum when the Securing Open Source Software Act of 2022 was introduced in Congress. As if that were not enough, the EU joined the push for supply chain security with the NIS2 directive.
Fantastic! We now possess the ultimate solution to address all supply chain issues: the Software Bill Of Materials (SBOM). Does this mean our work is complete?
Unfortunately not. Getting real value out of SBOMs requires knowing:
This session will address each of these questions comprehensively. We will delve into the inner workings of SBOMs and elucidate how they facilitate more efficient vulnerability resolution compared to dependency scanning.
Additionally, we will explore how SBOMs offer broader protection. We will also discuss where SBOMs fit within your DevSecOps pipeline and the valuable intelligence they can offer to various stakeholders within your organization, ranging from technical to legal domains.
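To make the contrast with dependency scanning concrete, the following is an added example, not part of the session material or of any project's own tooling. It parses a constructed minimal CycloneDX SBOM and matches its components, by package URL, against a constructed advisory list with OSV-style [introduced, fixed) ranges. The SBOM contents, the `parse_purl` and `version_key` helpers and the simplified numeric version comparison are assumptions made for this example; the CVE identifiers and ranges mirror the public advisories for log4j-core and spring-beans but are embedded here as sample data. The point it shows: once an SBOM exists for a build, a new advisory can be checked against it without re-resolving or rebuilding anything.

```python
import json
import re

# Constructed minimal CycloneDX 1.4 SBOM (sample data, not from a real project).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "group": "org.springframework", "name": "spring-beans",
     "version": "5.3.18", "purl": "pkg:maven/org.springframework/spring-beans@5.3.18"},
    {"type": "library", "name": "lodash", "version": "4.17.21",
     "purl": "pkg:npm/lodash@4.17.21"}
  ]
}
"""

# Constructed advisory feed for the example. Ranges are [introduced, fixed),
# the same shape OSV uses; the two entries mirror public CVE data but are
# simplified (only the 5.3.x branch is listed for spring-beans).
ADVISORIES = [
    {"id": "CVE-2021-44228", "ecosystem": "maven",
     "package": "org.apache.logging.log4j/log4j-core",
     "introduced": "2.0", "fixed": "2.15.0"},
    {"id": "CVE-2022-22965", "ecosystem": "maven",
     "package": "org.springframework/spring-beans",
     "introduced": "5.3.0", "fixed": "5.3.18"},
]


def parse_purl(purl):
    """Split a package URL into (type, namespace/name, version).

    Hypothetical minimal parser: drops qualifiers (?...) and subpath (#...),
    which is enough for the purls in this example.
    """
    if not purl.startswith("pkg:"):
        raise ValueError("not a package URL: %r" % purl)
    body = purl[len("pkg:"):].split("#", 1)[0].split("?", 1)[0]
    ptype, _, rest = body.partition("/")
    if "@" in rest:
        name, _, version = rest.rpartition("@")
    else:
        name, version = rest, None
    return ptype, name, version


def version_key(version):
    """Assumed numeric ordering: '2.14.1' -> (2, 14, 1); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", version))


def in_range(version, introduced, fixed):
    """True when introduced <= version < fixed under version_key ordering."""
    return version_key(introduced) <= version_key(version) < version_key(fixed)


def find_affected(sbom_text, advisories):
    """Return one finding per (component, advisory) pair whose range covers the component.

    Only the SBOM and the advisory list are consulted: no build, no lockfile,
    no network, which is what makes re-checking against a new advisory cheap.
    """
    sbom = json.loads(sbom_text)
    findings = []
    for comp in sbom.get("components", []):
        purl = comp.get("purl")
        if not purl:
            continue  # components without a purl cannot be matched reliably
        ptype, name, version = parse_purl(purl)
        if version is None:
            continue
        for adv in advisories:
            if adv["ecosystem"] != ptype or adv["package"] != name:
                continue
            if in_range(version, adv["introduced"], adv["fixed"]):
                findings.append({"purl": purl, "id": adv["id"], "fixed_in": adv["fixed"]})
    return findings


if __name__ == "__main__":
    for f in find_affected(SBOM_JSON, ADVISORIES):
        print("%s affected by %s (fixed in %s)" % (f["purl"], f["id"], f["fixed_in"]))
```

Run against the sample SBOM this reports only log4j-core 2.14.1 (CVE-2021-44228, fixed in 2.15.0); spring-beans 5.3.18 sits exactly at the fixed boundary and is excluded, and lodash has no matching advisory. A real matcher would use a proper purl library and ecosystem-aware version semantics rather than the numeric shortcut used here.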
The practical examples presented will focus on the following: