Explore runtime software component detection techniques in this insightful conference talk. Learn about the challenges of identifying vulnerable software components in operating environments, particularly those embedded in complex dependency chains. Discover how to leverage eBPF technology to detect specific software versions, such as Log4j and Spring Core, without initial application configurations. Gain knowledge on extracting crucial information from the Linux kernel during Java application execution and processing collected data to determine Java Archive details. Examine the implementation of a runtime Java component detector and its application in verifying vulnerable component usage within public container images. Understand the importance of SBOM (Software Bill of Materials) in light of recent security incidents and explore innovative approaches to enhance software security in runtime environments.
Zero-Configuration Runtime Software Component Detection
Overview
Syllabus
Zero-Configuration Runtime Software Component Detection - Inhyeok Jang
Taught by
Linux Foundation
Tags
Related Courses
-
Realities of SBOM - What Is Under the Hood of Software Bill of Materials
-
OWASP Dependency Track - Software Composition Analysis and Vulnerability Management
-
Open Source Software Supply Chain Security - Understanding Threats and Best Practices
-
SBOM: The Rest of the Story - Understanding Software Bill of Materials
-
From SBOM to Trusted Software Supply Chain - How Far Are We?
-
How to Prove the Safety of Your Software
