Fighting software vulnerabilities with software bill of materials
Episode 72


Especially in recent years, several attacks on the software supply chain, like the SolarWinds attack or the ongoing Log4j vulnerability, have made it clear that our complex software ecosystems are hard to understand and even harder to keep secure. The software bill of materials (SBOM) aims to solve this problem. In this episode, Barak Brudo explains what a software bill of materials is and why it is important for security and for reducing vulnerabilities. I also question whether we are ever going to reach a state where SBOMs are part of every piece of software or library. We also talk about:

- security and software regulations like the software bill of materials
- software license poisoning
- what to do when you face a security breach
- human engineering attacks like 2FA fatigue

Software Engineering Unlocked

February 8, 2023, 38m 35s


Show Notes

Earn additional income by sharing your opinion on userinterviews.com!

Episode Resources:
Executive Order on Improving the Nation’s Cybersecurity
Alpha-Omega Projects
Cybersecurity & Infrastructure Security Agency (CISA)
Tools to create SBOMs

About Barak Brudo
Barak Brudo helps organizations secure their software supply chain. He works as a Developer Relations Advocate at Scribe Security.


Topics

sbom, software testing, software regulations, security, finding bugs, security vulnerabilities, software engineering, detect vulnerabilities, secure software, software supply chain, software bill of material