An SBOM Fable
Manage episode 382668918 series 3425254
Join Chris, Matt, and Izar for a lively conversation about an article that offers 20 points of "essential details" to look for in a Software Bill of Materials (SBOM). They dissect and debate various points raised in the article, including generating SBOMs, the necessary components, and how to gauge the quality of this digital inventory. Their critique is both insightful and humorously candid, and they will offer you a tour through the often complex world of software documentation.
Hear about topics ranging from open source dependency tree, the necessity – or not – of manual SBOM generation, and the importance of a Vulnerability Exploitability Exchange (VEX) document alongside an SBOM. You will hear why they think an SBOM with a VEX can transform and simplify risk assessment procedures by providing clear and actionable insights for threat management.
Links:
Forbes: 20 Tech Experts Share Essential Details To Look For In An SBOM
https://www.forbes.com/sites/forbestechcouncil/2023/10/09/20-tech-experts-share-essential-details-to-look-for-in-an-sbom/
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @SecTablePodcast
➜LinkedIn: The Security Table Podcast
➜YouTube: The Security Table YouTube Channel
Thanks for Listening!
Chapters
1. An SBOM Fable (00:00:00)
2. 1. An Open-Source Dependency Tree (00:02:06)
3. 2. A Library with Version Numbers (00:04:55)
4. 3 & 4. Details on Updates and A List of Third-Party Components (00:09:50)
5. 8. Whether the SBOM is Generated Dynamically or Manually (00:13:14)
6. 9. The Encryption Protocol and Library (00:20:02)
7. 10. Data Residency (00:23:32)
8. 16. How Many and Which Functions Are Enabled (00:25:46)
9. 13. How Long It Takes To Receive the SBOM (00:27:23)
10. 18. The Delivery Address (00:30:22)
11. 20. The Final Price (00:32:37)
12. 19. A VEX Document (00:34:17)
66 episodes