Overview
Explore the critical importance of Software Bill of Materials (S-BoM) in managing third-party and open source component risks in this 36-minute conference talk from AppSecCali 2019. Delve into best practices for systematic risk reduction while maintaining the benefits of external components. Learn how to create S-BoM documents in polyglot build environments and leverage OWASP Dependency-Track for automated identification of outdated and vulnerable components. Discover strategies for automating responses to specific security events and gain insights into emerging standards and government initiatives shaping the future of component risk management. Presented by Steve Springett, Senior Security Architect at ServiceNow, this talk offers practical examples and demonstrations for implementing effective risk identification and remediation strategies with minimal effort.
Syllabus
AppSecCali 2019 - BoMs Away - Why Everyone Should Have a BoM - Steve Springett
Taught by
OWASP Foundation