July 19, 2023

EP 40 — Steve Springett on Solving Software Supply Chain Security and SBOM Challenges

33 minutes

In this episode of the Future of Application Security, Harshil speaks with Steve Springett. They discuss the broad definition of what software supply chain security is, the implementation of SBOMs after the White House's Executive Order, and how organizations can effectively adopt, operationalize, and use SBOMs. They also discuss the biggest drivers for better software supply chain security, why you need to manage more than just vulnerabilities, and how organizations can start chipping away at their software security chain problems.

Topics discussed:

Steve's broadly encompassing definition of software supply chain security.

How organizations scrambled to adopt and operationalize SBOMs after the White House's Executive Order, and why Steve started SCVS (OWASP Software Component Verification Standard) as a response.

Why software supply chain security goes beyond just understanding and addressing your vulnerabilities, but should include knowing your inventory, and the pedigree and provenance of your assets.

Why SBOMs have suddenly gained in popularity, likely because of supply chain attacks and breach fatigue and the need for better solutions.

What to do with an SBOM: how do you share it, how can you request it at scale, how can you analyze it, and what do you do with it once you have it.

How to address the vulnerabilities that are listed in an SBOM that will remain unexploitable, and how to ensure the customer experience isn't negatively impacted by that list.

How machine learning may play a role in better understanding risk across the software supply chain.

Why capitalism and customer demand will be the biggest driver in pushing forward advancements in software supply chain security.

...more

View all episodes

By Tromzo

44 ratings

July 19, 2023

EP 40 — Steve Springett on Solving Software Supply Chain Security and SBOM Challenges

33 minutes

Topics discussed:

Steve's broadly encompassing definition of software supply chain security.

How organizations scrambled to adopt and operationalize SBOMs after the White House's Executive Order, and why Steve started SCVS (OWASP Software Component Verification Standard) as a response.

Why software supply chain security goes beyond just understanding and addressing your vulnerabilities, but should include knowing your inventory, and the pedigree and provenance of your assets.

Why SBOMs have suddenly gained in popularity, likely because of supply chain attacks and breach fatigue and the need for better solutions.

What to do with an SBOM: how do you share it, how can you request it at scale, how can you analyze it, and what do you do with it once you have it.

How to address the vulnerabilities that are listed in an SBOM that will remain unexploitable, and how to ensure the customer experience isn't negatively impacted by that list.

How machine learning may play a role in better understanding risk across the software supply chain.

Why capitalism and customer demand will be the biggest driver in pushing forward advancements in software supply chain security.

...more

Share EP 40 — Steve Springett on Solving Software Supply Chain Security and SBOM Challenges

Sign up to save your podcasts

EP 40 — Steve Springett on Solving Software Supply Chain Security and SBOM Challenges

EP 40 — Steve Springett on Solving Software Supply Chain Security and SBOM Challenges