[BreachExchange] SBOM, CycloneDX and Dependency-Track – The Right Security

Destry Winant destry at riskbasedsecurity.com
Fri Feb 26 11:11:15 EST 2021


https://www.riskbasedsecurity.com/2021/02/23/sbom-cyclonedx-and-dependency-track-the-right-security/

https://youtu.be/kZJFceAj3kA

Steve Springett, Senior Security Architect at ServiceNow, joins Jake Kouns,
CEO and CISO at Risk Based Security, to talk about the need for Software
Bill of Materials (SBOM), CycloneDX and the Dependency-Track project.

Steve has been at the forefront of helping organizations identify and
reduce risk from the use of third-party and open source components. He is
an open source advocate and leads the OWASP Dependency-Track project, OWASP
Software Component Verification Standard (SCVS) project, CycloneDX software
bill-of-material specification, and participates in several related
projects and working groups.

Check out this episode of The Right Security for key insights into the
strategy and specifics of developing secure software.

Show Notes

0:00 – Welcome and speaker introductions
1:30 – Defining SAST, DAST, IAST, SCA and SBOM
9:17 – The real difference between SBOM and SCA
12:00 – The importance of SBOM
14:41 – NTIA multi-stakeholder process for Software Component Transparency
20:17 – What is CycloneDX
24:37 – How CycloneDX is different
27:06 – What’s new in CycloneDX
30:45 – The PURL standard
34:00 – The relationship between CycloneDX and PURL
35:41 – What is Dependency-Track
38:42 – Dependency-Track and CycloneDX integration
41:31 – Using Dependency-Track over a commercial vendor solution
43:58 – Major updates in Dependency-Track 4.0
47:15 – Closing thoughts

FURTHER READING

ServiceNow – The smarter way to workflow™
CycloneDX Software Bill of Materials (SBOM) Standard
Dependency-Track | Software Bill of Materials (SBOM) Analysis

The Right Security

This is the latest in our video series The Right Security, in which we talk
with leaders and veterans in the security industry, tackling the biggest
issues impacting organizations today.

Check out The Right Security series on YouTube
<https://www.youtube.com/playlist?list=PLkV2qhiMyRKspi14k6qALEGirECTVRHp9>,
and subscribe to the Risk Based Security channel
<https://www.youtube.com/user/riskbased> to see new episodes in your feed.