Understanding Red Hat's SBOM - The Future of Software Transparency
Przemyslaw Roguski (Red Hat, PL)

Przemysław Roguski is a Security Architect at Red Hat who specializes in the security aspects of Cloud Products. He contributes security analysis work on Red Hat OpenShift and other OpenShift-related products, and designs security solutions and processes across Red Hat Product Security. He is focused on security data improvements (various upstream and downstream security initiatives and projects such as CWE, Kubernetes, and the Red Hat Vulnerability Scanner Certification program) to build a better understanding of security issues and improve client satisfaction.

---

SBOMs are intended to provide transparency to 'consumers' of software through a list of the 'ingredients' that compose an application. SBOMs help with procurement reviews, in showing what is included in a set of software applications or libraries, and provide general information on the composition of a software product. They also provide a basis for establishing a vulnerability program as part of an organization's Risk Management approach. Red Hat Product Security publishes an official Red Hat Build SBOM (software bill of materials) to aid downstream consumers in addressing these concerns.

In this talk we will give a general overview of what an SBOM is, what types of SBOMs can be produced by vendors, and how to understand the individual components of an SBOM (products, software components and their dependencies) from an Open Source Software 'producer's' perspective. We will show our approach to SBOM production, and why and where SBOMs are important in the Security Development Lifecycle (SDLC).

Main topics to be covered in this session include:

- What exactly is an SBOM
- SBOM types vendors / producers should really consider
- SBOM and software product lifecycle, and how they work together
- SDL phases of the product lifecycle
- SBOM's role and place in the SDLC
- Red Hat SBOM implementation and publishing lessons

This talk is designed for security professionals, compliance officers, compliance auditors and everyone who works on the supply chain aspects of software.
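To make the abstract's notion of "products, software components and their dependencies" concrete, the following added example (not code from the talk or from Red Hat) loads a constructed CycloneDX-shaped SBOM, resolves the product's transitive dependency set, and flags the two defects that most often make an SBOM useless for a vulnerability program: components without a version or package URL (they cannot be matched against advisories) and dependency references that point at nothing in the document. The SBOM content, the product name and the component identifiers are all made up for the example; only the top-level CycloneDX field names (bomFormat, metadata.component, components, dependencies, bom-ref, purl) are real.

```python
import json
from collections import deque

# Constructed sample, shaped like a CycloneDX 1.5 JSON document.
# Not a real Red Hat SBOM; names and refs are invented for the example.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {
        "component": {
            "bom-ref": "product:example-app@1.0",
            "type": "application", "name": "example-app", "version": "1.0",
        }
    },
    "components": [
        {"bom-ref": "pkg:rpm/example/libfoo@2.3.1", "type": "library",
         "name": "libfoo", "version": "2.3.1",
         "purl": "pkg:rpm/example/libfoo@2.3.1"},
        {"bom-ref": "pkg:rpm/example/libbar@1.0.0", "type": "library",
         "name": "libbar", "version": "1.0.0",
         "purl": "pkg:rpm/example/libbar@1.0.0"},
        # Deliberately incomplete: no version and no purl.
        {"bom-ref": "comp:unversioned-helper", "type": "library", "name": "helper"},
    ],
    "dependencies": [
        {"ref": "product:example-app@1.0",
         "dependsOn": ["pkg:rpm/example/libfoo@2.3.1"]},
        {"ref": "pkg:rpm/example/libfoo@2.3.1",
         "dependsOn": ["pkg:rpm/example/libbar@1.0.0", "comp:unversioned-helper"]},
    ],
})


def load_sbom(text):
    """Parse a CycloneDX JSON document and reject anything else."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom


def component_index(bom):
    """Map every bom-ref (including the product in metadata) to its component."""
    index = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    root = bom.get("metadata", {}).get("component")
    if root and "bom-ref" in root:
        index[root["bom-ref"]] = root
    return index


def dependency_graph(bom):
    """Adjacency list: bom-ref -> list of bom-refs it depends on."""
    return {d["ref"]: list(d.get("dependsOn", [])) for d in bom.get("dependencies", [])}


def transitive_dependencies(bom, ref):
    """Breadth-first walk from `ref`; returns every reachable dependency, sorted."""
    graph = dependency_graph(bom)
    seen, queue = set(), deque(graph.get(ref, []))
    while queue:
        dep = queue.popleft()
        if dep in seen:
            continue
        seen.add(dep)
        queue.extend(graph.get(dep, []))
    return sorted(seen)


def incomplete_components(bom):
    """Components lacking a version or purl cannot be reliably matched to advisories."""
    return sorted(
        c.get("bom-ref", c.get("name", "<unnamed>"))
        for c in bom.get("components", [])
        if not c.get("version") or not c.get("purl")
    )


def dangling_references(bom):
    """Dependency refs that name no component in the document."""
    index = component_index(bom)
    graph = dependency_graph(bom)
    targets = {r for refs in graph.values() for r in refs}
    return sorted(r for r in targets | set(graph) if r not in index)


if __name__ == "__main__":
    bom = load_sbom(SAMPLE_SBOM)
    product = bom["metadata"]["component"]["bom-ref"]
    print("product:", product)
    print("transitive deps:", transitive_dependencies(bom, product))
    print("incomplete:", incomplete_components(bom))
    print("dangling:", dangling_references(bom))
```

The walk is breadth-first with a visited set, so it terminates even if a producer emits a dependency cycle; the two check functions are the minimum a consumer should run before feeding an SBOM into vulnerability matching.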
