October 25, 2021

S2E4: Dr. Allan Friedman - CISA - SBOM and the Art of Possible

Listen Later

23 minutes

For those unaware, what exactly is an SBOM, and why is it so important?

One of the presentations you gave mentioned that software supply chain attacks shouldn't be discussed as "emerging threats" - these really have been going on for years. Why do you think we still talk about it as an emerging threat or something novel?

We know you've recently talked about an effort dubbed "VEX" which seeks to add context to SBOM information. How is this valuable and how can it be used to reduce risk?

What would you say are the top 3 things that organizations could do today to be aware of in regards to software supply chain attacks?

In regards to SBOMs for complex environments such as SaaS where you have several parties involved and interdependencies, how do you see the SBOM evolving in that space?

How do you see organizations operationalizing SBOM's from a Cyber practitioner perspective? How will it fit in to a robust cybersecurity program?

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Resilient Cyber

By Chris Hughes

4.9

1616 ratings

October 25, 2021

S2E4: Dr. Allan Friedman - CISA - SBOM and the Art of Possible

Listen Later

23 minutes

For those unaware, what exactly is an SBOM, and why is it so important?

One of the presentations you gave mentioned that software supply chain attacks shouldn't be discussed as "emerging threats" - these really have been going on for years. Why do you think we still talk about it as an emerging threat or something novel?

We know you've recently talked about an effort dubbed "VEX" which seeks to add context to SBOM information. How is this valuable and how can it be used to reduce risk?

What would you say are the top 3 things that organizations could do today to be aware of in regards to software supply chain attacks?

In regards to SBOMs for complex environments such as SaaS where you have several parties involved and interdependencies, how do you see the SBOM evolving in that space?

How do you see organizations operationalizing SBOM's from a Cyber practitioner perspective? How will it fit in to a robust cybersecurity program?

...more

More shows like Resilient Cyber

Hacked by Hacked

Hacked

184 Listeners

Risky Business by Patrick Gray

Risky Business

375 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

637 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,017 Listeners

The Application Security Podcast by Chris Romeo and Robert Hurlbut

The Application Security Podcast

36 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,010 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

175 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

73 Listeners

Cloud Security Podcast by Cloud Security Podcast Team

Cloud Security Podcast

57 Listeners

All-In with Chamath, Jason, Sacks Friedberg by All-In Podcast, LLC

All-In with Chamath, Jason, Sacks Friedberg

9,830 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

134 Listeners

CISO Tradecraft® by G Mark Hardy & Ross Young

CISO Tradecraft®

48 Listeners

AI Security Podcast by Kaizenteq Team

AI Security Podcast

4 Listeners