Overview
Learn about software supply chain security in this 22-minute conference talk on the relationship between Software Bill of Materials (SBOM) and Vulnerability Exploitability eXchange (VEX) documents, and on how the two are used together to improve risk management and reduce the attack surface of software development. The talk covers how an SBOM inventories the components, libraries, and dependencies in a software package, and how VEX serves as a communication standard for stating whether a known vulnerability in one of those components is actually exploitable in a given product. It also introduces trustification.io, the foundation of Red Hat's Trusted Profile Analyzer, which gives developers access to curated builds and hardened open-source libraries verified through provenance checks. The goal is to show how to put these measures into practice to mitigate dependency threats and strengthen software supply chain security.
Syllabus
Connecting the Dots: SBOM and VEX in Software Security - Rajan Ravi, RedHat India Pvt. Ltd.
Taught by
OpenSSF