Go offline with the Player FM app!
Tony Turner -- Threat Modeling and SBOM
Manage episode 362353946 series 2892775
Have you ever considered using an SBOM to inform your threat modeling? Tony Turner has. Tony joins us to discuss SBOMs, threat modeling, and the importance of Cyber Informed Engineering.
Tony delves into the SBOM (Software Bill of Materials) concept, highlighting their value proposition in identifying vulnerabilities, demonstrating compliance with software licenses, and informing M&A activities and incident response indicators related to cyberattacks. We also explore the integration of SBOMs into the system engineering process and security engineering.
Tony further introduces the concept of Consequence-Driven Cyber Informed Engineering, which emphasizes understanding the potential consequences of cyberattacks on critical infrastructure rather than just on individuals or individual businesses. We discuss the four-step process of consequence-driven CIE. The conversation also addresses the challenges in communicating SBOM information, the importance of demanding transparency from suppliers, and the need to place trust in trusted third-party attestations.
Follow up:
- Research tools for integrating SBOMs into threat modeling
- Explore methods of communicating SBOM information
- Investigate Cyber Informed Engineering and Consequence-Driven principles in more detail
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
259 episodes
Manage episode 362353946 series 2892775
Have you ever considered using an SBOM to inform your threat modeling? Tony Turner has. Tony joins us to discuss SBOMs, threat modeling, and the importance of Cyber Informed Engineering.
Tony delves into the SBOM (Software Bill of Materials) concept, highlighting their value proposition in identifying vulnerabilities, demonstrating compliance with software licenses, and informing M&A activities and incident response indicators related to cyberattacks. We also explore the integration of SBOMs into the system engineering process and security engineering.
Tony further introduces the concept of Consequence-Driven Cyber Informed Engineering, which emphasizes understanding the potential consequences of cyberattacks on critical infrastructure rather than just on individuals or individual businesses. We discuss the four-step process of consequence-driven CIE. The conversation also addresses the challenges in communicating SBOM information, the importance of demanding transparency from suppliers, and the need to place trust in trusted third-party attestations.
Follow up:
- Research tools for integrating SBOMs into threat modeling
- Explore methods of communicating SBOM information
- Investigate Cyber Informed Engineering and Consequence-Driven principles in more detail
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
259 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.