BreachExchange mailing list archives
SBOM, CycloneDX and Dependency-Track – The Right Security
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 26 Feb 2021 10:11:15 -0600
https://www.riskbasedsecurity.com/2021/02/23/sbom-cyclonedx-and-dependency-track-the-right-security/
https://youtu.be/kZJFceAj3kA

Steve Springett, Senior Security Architect at ServiceNow, joins Jake Kouns, CEO and CISO at Risk Based Security, to talk about the need for Software Bill of Materials (SBOM), CycloneDX and the Dependency-Track project. Steve has been at the forefront of helping organizations identify and reduce risk from the use of third-party and open source components. He is an open source advocate and leads the OWASP Dependency-Track project, the OWASP Software Component Verification Standard (SCVS) project and the CycloneDX software bill-of-materials specification, and participates in several related projects and working groups. Check out this episode of The Right Security for key insights into the strategy and specifics of developing secure software.

Show Notes
0:00 – Welcome and speaker introductions
1:30 – Defining SAST, DAST, IAST, SCA and SBOM
9:17 – The real difference between SBOM and SCA
12:00 – The importance of SBOM
14:41 – NTIA multi-stakeholder process for Software Component Transparency
20:17 – What is CycloneDX
24:37 – How CycloneDX is different
27:06 – What's new in CycloneDX
30:45 – The PURL standard
34:00 – The relationship between CycloneDX and PURL
35:41 – What is Dependency-Track
38:42 – Dependency-Track and CycloneDX integration
41:31 – Using Dependency-Track over a commercial vendor solution
43:58 – Major updates in Dependency-Track 4.0
47:15 – Closing thoughts

FURTHER READING
ServiceNow – The smarter way to workflow™
CycloneDX Software Bill of Materials (SBOM) Standard
Dependency-Track | Software Bill of Materials (SBOM) Analysis

The Right Security
This is the latest in our video series The Right Security, in which we talk with leaders and veterans in the security industry, tackling the biggest issues impacting organizations today.
Check out The Right Security series on YouTube <https://www.youtube.com/playlist?list=PLkV2qhiMyRKspi14k6qALEGirECTVRHp9>, and subscribe to the Risk Based Security channel <https://www.youtube.com/user/riskbased> to see new episodes in your feed.