
From SBOM to Trusted Software Supply Chain - How Far Are We?

Association for Computing Machinery (ACM) via YouTube

Overview

Explore the critical aspects of software supply chain security and transparency in this SIGSOFT webinar. Delve into the concept of the Software Bill of Materials (SBOM) and its role in building a trusted software supply chain (TSSC). Examine recent progress in SBOM generation and consumption, vulnerability management, and supply chain attack prevention. Gain insights into the identification of silent vulnerability bug reports and fixes, vulnerability detection, and CVE improvement. Learn about future directions for TSSC and the challenges that persist in the field. Benefit from the expertise of Dr. Xin Xia, director of the software engineering application technology lab at Huawei, as he shares his research on intelligent software engineering, mining software repositories, and empirical software engineering. Engage with moderator Dr. Xing Hu, assistant professor at Zhejiang University, specializing in intelligent software engineering and software supply chain management.

Syllabus

Intro
What is SBOM?
SBOM Ecosystem: Dedicated to Standardizing SBOMs and Building a Data Foundation for a Secure Software Supply Chain
Response to the Vulnerability in Log4j: Continuously Enhance Community Governance Capabilities Centering on Vulnerability Awareness, Locating, and Remediation
Poisoning Attacks Bring Huge Risks to the Software Supply Chain
Challenges in the Trustworthy Software Supply Chain Still Persist
An Overview of Trustworthy Software Supply Chain Solution
Security Vulnerability Disclosure Models
Early Awareness of Security Vulnerabilities is Unavailable
Early Awareness of Critical Vulnerabilities Based on Contrastive Learning
Early Detection Technology for Security Defect Reports (MemVul)
Proactive Vulnerability Discovery by Scanning Similar Vulnerability Features
Correct the Version Information of Software with CVEs
CVE Fixing Patch Identification
Locate Components with CVEs
Package Name Confusion Detection
Community Monitoring and Risk Control Technologies
Early Detection of High-Risk Vulnerabilities
Binary Vulnerability Scanning for Open Source Software
Effective Malicious Code Identification
Next Step: Software Asset Management

Taught by

Association for Computing Machinery (ACM)
