Sign up to save your podcasts
Or
Share Tony Turner -- Threat Modeling and SBOM
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Tony Turner -- Threat Modeling and SBOM
Have you ever considered using an SBOM to inform your threat modeling? Tony Turner has. Tony joins us to discuss SBOMs, threat modeling, and the importance of Cyber Informed Engineering.
Tony delves into the SBOM (Software Bill of Materials) concept, highlighting their value proposition in identifying vulnerabilities, demonstrating compliance with software licenses, and informing M&A activities and incident response indicators related to cyberattacks. We also explore the integration of SBOMs into the system engineering process and security engineering.
Tony further introduces the concept of Consequence-Driven Cyber Informed Engineering, which emphasizes understanding the potential consequences of cyberattacks on critical infrastructure rather than just on individuals or individual businesses. We discuss the four-step process of consequence-driven CIE. The conversation also addresses the challenges in communicating SBOM information, the importance of demanding transparency from suppliers, and the need to place trust in trusted third-party attestations.
Follow up:
- Research tools for integrating SBOMs into threat modeling
- Explore methods of communicating SBOM information
- Investigate Cyber Informed Engineering and Consequence-Driven principles in more detail
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
View all episodes
By Chris Romeo and Robert Hurlbut
5
3636 ratings
Have you ever considered using an SBOM to inform your threat modeling? Tony Turner has. Tony joins us to discuss SBOMs, threat modeling, and the importance of Cyber Informed Engineering.
Tony delves into the SBOM (Software Bill of Materials) concept, highlighting their value proposition in identifying vulnerabilities, demonstrating compliance with software licenses, and informing M&A activities and incident response indicators related to cyberattacks. We also explore the integration of SBOMs into the system engineering process and security engineering.
Tony further introduces the concept of Consequence-Driven Cyber Informed Engineering, which emphasizes understanding the potential consequences of cyberattacks on critical infrastructure rather than just on individuals or individual businesses. We discuss the four-step process of consequence-driven CIE. The conversation also addresses the challenges in communicating SBOM information, the importance of demanding transparency from suppliers, and the need to place trust in trusted third-party attestations.
Follow up:
- Research tools for integrating SBOMs into threat modeling
- Explore methods of communicating SBOM information
- Investigate Cyber Informed Engineering and Consequence-Driven principles in more detail
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
More shows like The Application Security Podcast
View all
Risky Business
364 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
639 Listeners
Page 94: The Private Eye Podcast
311 Listeners
Smashing Security
318 Listeners
Darknet Diaries
7,951 Listeners
Application Security Weekly (Audio)
11 Listeners
Application Security Weekly (Video)
4 Listeners
Cybersecurity Today
172 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
316 Listeners
Defense in Depth
77 Listeners
Cloud Security Podcast
59 Listeners
Cyber Security Headlines
129 Listeners
Risky Bulletin
43 Listeners