Artwork

Content provided by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!

An SBOM Fable

37:17
 
Share
 

Manage episode 382668918 series 3425254
Content provided by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Join Chris, Matt, and Izar for a lively conversation about an article that offers 20 points of "essential details" to look for in a Software Bill of Materials (SBOM). They dissect and debate various points raised in the article, including generating SBOMs, the necessary components, and how to gauge the quality of this digital inventory. Their critique is both insightful and humorously candid, and they will offer you a tour through the often complex world of software documentation.
Hear about topics ranging from open source dependency tree, the necessity – or not – of manual SBOM generation, and the importance of a Vulnerability Exploitability Exchange (VEX) document alongside an SBOM. You will hear why they think an SBOM with a VEX can transform and simplify risk assessment procedures by providing clear and actionable insights for threat management.
Links:
Forbes: 20 Tech Experts Share Essential Details To Look For In An SBOM
https://www.forbes.com/sites/forbestechcouncil/2023/10/09/20-tech-experts-share-essential-details-to-look-for-in-an-sbom/

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

  continue reading

Chapters

1. An SBOM Fable (00:00:00)

2. 1. An Open-Source Dependency Tree (00:02:06)

3. 2. A Library with Version Numbers (00:04:55)

4. 3 & 4. Details on Updates and A List of Third-Party Components (00:09:50)

5. 8. Whether the SBOM is Generated Dynamically or Manually (00:13:14)

6. 9. The Encryption Protocol and Library (00:20:02)

7. 10. Data Residency (00:23:32)

8. 16. How Many and Which Functions Are Enabled (00:25:46)

9. 13. How Long It Takes To Receive the SBOM (00:27:23)

10. 18. The Delivery Address (00:30:22)

11. 20. The Final Price (00:32:37)

12. 19. A VEX Document (00:34:17)

66 episodes

Artwork

An SBOM Fable

The Security Table

published

iconShare
 
Manage episode 382668918 series 3425254
Content provided by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Izar Tarandach, Matt Coles, and Chris Romeo, Izar Tarandach, Matt Coles, and Chris Romeo or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Join Chris, Matt, and Izar for a lively conversation about an article that offers 20 points of "essential details" to look for in a Software Bill of Materials (SBOM). They dissect and debate various points raised in the article, including generating SBOMs, the necessary components, and how to gauge the quality of this digital inventory. Their critique is both insightful and humorously candid, and they will offer you a tour through the often complex world of software documentation.
Hear about topics ranging from open source dependency tree, the necessity – or not – of manual SBOM generation, and the importance of a Vulnerability Exploitability Exchange (VEX) document alongside an SBOM. You will hear why they think an SBOM with a VEX can transform and simplify risk assessment procedures by providing clear and actionable insights for threat management.
Links:
Forbes: 20 Tech Experts Share Essential Details To Look For In An SBOM
https://www.forbes.com/sites/forbestechcouncil/2023/10/09/20-tech-experts-share-essential-details-to-look-for-in-an-sbom/

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel

Thanks for Listening!

  continue reading

Chapters

1. An SBOM Fable (00:00:00)

2. 1. An Open-Source Dependency Tree (00:02:06)

3. 2. A Library with Version Numbers (00:04:55)

4. 3 & 4. Details on Updates and A List of Third-Party Components (00:09:50)

5. 8. Whether the SBOM is Generated Dynamically or Manually (00:13:14)

6. 9. The Encryption Protocol and Library (00:20:02)

7. 10. Data Residency (00:23:32)

8. 16. How Many and Which Functions Are Enabled (00:25:46)

9. 13. How Long It Takes To Receive the SBOM (00:27:23)

10. 18. The Delivery Address (00:30:22)

11. 20. The Final Price (00:32:37)

12. 19. A VEX Document (00:34:17)

66 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Quick Reference Guide