Explore the critical importance of Software Bill of Materials (S-BoM) in managing third-party and open source component risks in this 36-minute conference talk from AppSecCali 2019. Delve into best practices for systematic risk reduction while maintaining the benefits of external components. Learn how to create S-BoM documents in polyglot build environments and leverage OWASP Dependency-Track for automated identification of outdated and vulnerable components. Discover strategies for automating responses to specific security events and gain insights into emerging standards and government initiatives shaping the future of component risk management. Presented by Steve Springett, Senior Security Architect at ServiceNow, this talk offers practical examples and demonstrations for implementing effective risk identification and remediation strategies with minimal effort.
Software Bill of Materials (S-BoM) - Reducing Risk in Third-Party Components
Overview
Syllabus
AppSecCali 2019 - BoMs Away - Why Everyone Should Have a BoM - Steve Springett
Taught by
OWASP Foundation
Related Courses
-
Supply Chain Risk Management with OWASP Dependency-Check
-
OWASP Dependency Track - Software Composition Analysis and Vulnerability Management
-
OWASP CycloneDX - Software Bill of Materials Standard
-
Managing Vulnerability Response Dependencies in Third-Party Components - AppSecCali 2019
-
SBOM SmackDown - Conquering Software Supply Chain Risks with OWASP CycloneDX
-
Measure and Improve Software Supply Chain Assurance with OWASP SCVS
