Wondering what all the hype about Software Bill of Materials or SBOMs is? They’ve become a regular talking point when discussing the composition of software, and if you haven’t heard of them yet, you surely will soon. Join DJ Schleen as he interviews experts who shed light on what Software Bill of Materials are, how they are used by organizations to exchange information on software composition, and the effect they will have on consumers of software from large organizations to government agen ...
Lauren Hanford on Add TACOS to your SBOM Combo Platter
25:28
Remember the X-Files television show? Dana Scully was one of the main characters - a brilliant FBI agent who worked on unsolved cases involving paranormal phenomena. Often skeptical of the supernatural, she was always willing to keep an open mind, and she was also a great role model. She inspired many women in Technology, one of them being Lauren H…
Hasan Yasar on The Multiverse of SBOM Phases
28:56
There's no better way to get to know someone than staying awake for 24 hours straight while moderating sessions of the world's biggest virtual DevOps conference - All Day DevOps. It's one of the many times I've gotten to spend with Hasan Yasar over the years. We were hunkered down in an office in Tyson's Corner, just outside of Washington, DC, broa…
Trac Bannon on the connection between Generative AI, LLM and SBOMs
27:25
I'll never forget the day I met Tracy, although I really think we were actually separated at birth. We were scheduled to be on a podcast together and, after introducing ourselves to each other in the call lobby, we began a discussion that most likely would've gone on forever had the host not interrupted us to get the show started. It turns out we bo…
Philippe Ombredanne on SBOMs, SCA and PURLs. Oh my!
35:55
It must have been a year or so ago when I was looking for an open source vulnerability scanner to use in a project I was working on. As I scoured the internet, I stumbled upon a project called "VulnerableCode" - a server that could run locally and would return vulnerability information if you called its API and gave it a Purl. What's a Purl? It's a…
Tim Miller on Do You Want Some GUAC with that SLSA?
29:44
I read an interesting post on Twitter the other day about Software Bill of Materials. The author said "SBOMs promise a picture of what lies beneath the surface of software, but without large scale automated binary analysis, at best, they reflect intent not reality. As a result, relying on them is like being an explorer without a compass." The autho…
Dan Walsh on Practical Use from a CISO in Healthcare
26:15
Every one of us has a few of those people in our lives that change the trajectory of our careers, and for me, Dan Walsh is one of them. It was just a few weeks after the world shut down during the pandemic when I was introduced to Dan by a mutual friend of ours - Aaron Rinehart - after Aaron heard I was looking for my next big adventure. He introdu…
Brian Reed on Reverse Engineering Software with SBOM
21:18
I remember being pushed back into my seat with a force I had never felt before. It was the first time I had ever been in an electric car, and Brian Reed was at the steering wheel with this big smile on his face as we went from 0 to 60 in about 3 seconds. It was just one of the many memorable experiences that I've had while spending time with Brian …
Earlier this year I had the opportunity to attend a software supply chain summit and meet Lisa Bradley, Senior Director of Product and Application Security at Dell. Lisa had a point of view that was different from the people I talked to about SBOMs in the past. It was a big-picture, practical view of how to implement an SBOM initiative at scale - for …
I often can't get over how small the world actually is. Earlier this year, I attended the Second Annual SBOM meetup after the first day of the RSA conference. The venue was at a little bar on Minna Street, tucked away underneath the skyscrapers of San Francisco. The bar was filled with quite a few familiar faces and after grabbing a cold beer, a ha…
Brian Fox and the Creation of Open Source Repos
30:16
As the video connects I see Brian Fox, sitting in front of a collection of model spacecraft which adorn the shelves behind him. It's a fitting backdrop for a conversation about the genesis of the software supply chain problem, and how exploration and discovery have led us to where we are as an industry today. Think about this: it all started when we…
Chris Hughes on Government and Cybersecurity: Where do we stand?
21:03
I’m not the most active user of any social networking platform, but when I do engage it’s normally on LinkedIn - and the first thing I usually see is a great article, video, or post from Chris Hughes. He’s a content machine - an active podcaster, and I can tell you that when his upcoming book "Software Transparency" is released, I’ll be the first …
What's VEX got to do, got to do with it? - Guest: Steve Springett
23:56
Seems like every time I talk to someone or do research on Software Bill of Materials, I encounter VEX - Vulnerability Exploitability eXchange - and I never really understood what they were used for. I knew they had something to do with understanding the vulnerabilities that exist inside the components we list inside of an SBOM, but why does the for…
Where do we put these things? Guest: Daniel Bardenstein
24:31
Back in February, I posted that I was putting together a podcast to help demystify Software Bill of Materials. Shortly afterwards, a reply appeared from Daniel Bardenstein. It was a simple message where he said that he'd love to talk about operationalizing and deriving value from SBOMs. This piqued my interest - because the question of what we do …
Behind the scenes with an SPDX Contributor - Guest: Maximillian Huber
20:48
As we continue the journey to unravel the world of Software Bill of Materials, I wanted to talk to a technologist who had been there from the start - and could shed some light on the background of the movement. The search for such a person led me to the south German state of Bavaria, where I found Max Huber. Max has been a contributor to the SPDX p…
It's all about Trust... Guest: Shannon Lietz
28:15
It was back in early 2017 when an annual tradition started in a hickory smoke filled lounge in San Francisco. I'd found myself at B-55 in the Marriott Marquis sitting around a large table after a day of presentations at the RSA Conference. Surrounding me were some of the originators of DevOps, thought leaders from the Rugged Movement, horseman fr…
A package of Twinkies is a permanent fixture on Allan Friedman's desk, which he holds up to the screen during our conversation. It's a prime example of the underlying purpose of a Software Bill of Materials. The significance? The ingredient list on the package, which lets you know what's inside. I always use the can of beans analogy myself - but the Twin…
Exchanging BOM data with DBOM - Guest: Chris Blask
24:38
When the video call finally connected, I saw a glitching Chris Blask sitting behind a studio mic, and in the background an open door revealed what appeared to be a lake - with sun glistening across the water. For a brief moment, I thought Chris was working near a dock, but in fact, he was actually working on a boat. A boat in the middle of the waterw…
The CycloneDx SBOM Format - Guest: Steve Springett
30:35
I'm DJ Schleen and welcome to daBOM. I'm on a journey to demystify Software Bill of Materials and on this podcast I'll be investigating technical, regulatory, and practitioner stories in and around the SBOM and -BOM movement. Along the way you'll meet the people and teams responsible for creating and maintaining the various Software Bill of Materia…
Today’s software is extremely complex – and with the pervasive use of third-party components, it’s become extremely difficult for anyone to keep track of all the external code in their systems. Pieces of code that aren’t written by your own developers. These components are assembled by engineers and can potentially make up the majority of the softw…