Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Content provided by Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Similar to Unsolicited Response
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Daily update on current cyber security threats
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Marc Fennell and a team of people far smarter than him (his words, not ours) take a fun deep dive into how technology is reshaping our lives.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
SBOMs & CycloneDX with Steve Springett
Manage episode 375077070 series 2525086
Content provided by Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Steve Springett is the Chair of the OWASP CycloneDX Core Working Group. CycloneDX is one of the two main machine readable formats that SBOMs are being created in, although CycloneDX can capture all sorts of BOMs.
In this episode we assume listeners know what a SBOM is and why it might be desired by a vendor and asset owner. The beginning of the show we cover some basics of CycloneDX
If you know the basics, skip to 14:24 where we get into the details
- Statistics on who is generating and using CycloneDX SBOMs, and the impact of governement regulations on the use.
- Steve's view of the NTIA Minimum Elements for SBOM v. CycloneDX elements.
- How CycloneDX tries to capture the completeness of and confidence in the SBOM.
- The naming problem. CPE, CVE, NVD, SWID, PURL and more. Steve describes the problem and what he thinks is the way forward.
- Vulnerabilities ... and why Steve thinks VEX is a missed opportunity.
- Outdated component analysis (this could be very useful in a procurement decision)
- and more
Links
CycloneDX document: Authoritative Guide To SBOM
ICS-Patch (what to patch when in ICS / risk based decision tree)
52 episodes
Share
Manage episode 375077070 series 2525086
Content provided by Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Steve Springett is the Chair of the OWASP CycloneDX Core Working Group. CycloneDX is one of the two main machine readable formats that SBOMs are being created in, although CycloneDX can capture all sorts of BOMs.
In this episode we assume listeners know what a SBOM is and why it might be desired by a vendor and asset owner. The beginning of the show we cover some basics of CycloneDX
If you know the basics, skip to 14:24 where we get into the details
- Statistics on who is generating and using CycloneDX SBOMs, and the impact of governement regulations on the use.
- Steve's view of the NTIA Minimum Elements for SBOM v. CycloneDX elements.
- How CycloneDX tries to capture the completeness of and confidence in the SBOM.
- The naming problem. CPE, CVE, NVD, SWID, PURL and more. Steve describes the problem and what he thinks is the way forward.
- Vulnerabilities ... and why Steve thinks VEX is a missed opportunity.
- Outdated component analysis (this could be very useful in a procurement decision)
- and more
Links
CycloneDX document: Authoritative Guide To SBOM
ICS-Patch (what to patch when in ICS / risk based decision tree)
52 episodes
Όλα τα επεισόδια
×
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Similar to Unsolicited Response
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
BBC Radio 5 live’s award winning gaming podcast, discussing the world of video games and games culture.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
Daily update on current cyber security threats
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Marc Fennell and a team of people far smarter than him (his words, not ours) take a fun deep dive into how technology is reshaping our lives.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
