A software bill of materials (SBOM), like any other security feature, won't solve all our problems. But greater transparency in the software supply chain will 1) support more secure software development, 2) enable more informed decisions around software selection and purchase, and 3) allow organizations to respond much more quickly and efficiently respond to new vulnerabilities.
This webinar will review the basics of SBOM, and use the recent log4j vulnerability to understand how SBOM can help—and also understand its limits. We'll close by offering some perspectives on how SBOM and related transparency efforts will grow and evolve in 2022 and beyond.
Dr. Allan Friedman is a Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency in the US Government. He coordinates the global cross-sector community efforts around software bill of materials (SBOM), and works to advance its adoption inside the US government. He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics. Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard's Computer Science department, the Brookings Institution, and George Washington University's Engineering School. He is the co-author of the popular text "Cybersecurity and Cyberwar: What Everyone Needs to Know," has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University. He is quite friendly for a failed-professor-turned-technocrat.
Anoop is a Sr. Solution Engineer at Traceable AI with more than 15 years of experience in risk management, compliance, and privacy. In addition, Anoop is a father, runner, music fanatic (listen to and play music) and loves trekking, trailing, and pretending to meditate.
