Overview
Explore the concept of Software Bill of Materials (SBOM) and its potential to enhance transparency in the software supply chain in this 30-minute Black Hat conference talk. Delve into the US Department of Commerce's multistakeholder initiative aimed at making SBOM a reality without government regulation. Examine the benefits of SBOM from various perspectives, address challenges in implementation, and discuss the relationship between transparency and vulnerability. Learn about SBOM standards, the medical device industry's approach, and obstacles to achieving transparency. Gain insights into the next steps for advancing SBOM adoption and participate in a Q&A session to further understand this crucial aspect of software security and supply chain management.
Syllabus
Introduction
Welcome
Who knows this logo
How business works
Why not for software
Benefits for each perspective
The fundamental question
Licensing is fraught
It's hard
DNS
NTIA
What we are not doing
Problem Statement
Goal
Progress
What is NS
Relationships
Recursive approach
SBOM Standards
SBOM XML
Medical Device Industry
Obstacles to Transparency
What is Transparency
Vulnerability vs Exploitability
Next Steps
Questions
Taught by
Black Hat