SBOM: Where We’ve Come From, and Where We’re Going

Across the security world, there’s a growing appreciation about the need to better understand our software supply chain. Transparency won’t solve all our problems, but will lay a foundation for greater resilience and more informed decisions. This discussion will review the basics of SBOM, using the recent log4j vulnerability to understand how SBOM can help across the software ecosystem—and also understand its limits. We’ll also delve into the future of SBOM, exploring some of the gaps, where we need to focus to advance the state of the art. Our ultimate goal should be the integration of SBOM into the broader vulnerability and security data ecosystem through automation. Speakers: Allan Friedman, Senior Advisor and Strategist, CISA Kacy Zurkus, Content Strategist, RSA Conference