The Importance of Software Bill-of-Materials (SBOMs) | A Conversation with Allan Friedman from CISA
0ITSPmagazine Event Coverage: RSAC 2023 San Francisco, USA
Guest: Allan Friedman, Senior Advisor and Strategist at CISA [@CISAgov]
On LinkedIn | https://www.linkedin.com/in/allanafriedman/
On Twitter | https://twitter.com/allanfriedman
____________________________
Host:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
BlackCloak | https://itspm.ag/itspbcweb
Brinqa | https://itspm.ag/brinqa-pmdp
SandboxAQ | https://itspm.ag/sandboxaq-j2en
____________________________
Episode Notes
Welcome to the latest episode of the Redefining Cybersecurity podcast with Sean Martin. In this episode, Sean talks about the upcoming RSA Conference in San Francisco, which promises to be an eventful one with a lot of topics, one of which is the software bill of materials (SBOM). Sean recently came across a tweet by Allan Friedman, a senior advisor and strategist at the Cybersecurity and Infrastructure Security Agency (CISA), about his hope to speak at RSA on SBOMs. In this episode, Sean invites Allan to discuss what prompted him to put that tweet up and how things have transitioned in the last few years.
According to Sean, Allan and his team's work has played a significant role in pushing the software community to take action and to make some progress on SBOMs. During this episode, Allan shares his journey into CISA, his work before on coordinated vulnerability disclosure, and how the government can help create better markets for security. He also shares his perspective on how the proliferation of APIs and microservices has taken off in recent years and how the SBOM concept has become more relevant than ever.
If you're interested in learning more about SBOMs and how they can help organizations mitigate security risks and vulnerabilities, then you don't want to miss this episode. So make sure you subscribe to Redefining Cybersecurity Podcast on your favorite platform and share this episode with your colleagues and friends.
____________________________
Resources
Supply Chain Integrity Month: https://www.cisa.gov/supply-chain-integrity-month
"Scaling Software Supply Chain Source Security in Large Enterprises" session: https://www.rsaconference.com/usa/agenda/session/Scaling%20Software%20Supply%20Chain%20Source%20Security%20in%20Large%20Enterprises
"The World on SBOMs" session: https://www.rsaconference.com/usa/agenda/session/The%20World%20on%20SBOMs
"The Opposite of Transparency" session: https://www.rsaconference.com/usa/agenda/session/The%20Opposite%20of%20Transparency
28 sessions on Supply Chain: https://www.rsaconference.com/usa/agenda/full-agenda#q=supply%20chain&t=agenda-upcoming-tab&numberOfResults=50
22 sessions on Open Source: https://www.rsaconference.com/usa/agenda/full-agenda#q=open%20source&t=agenda-upcoming-tab&numberOfResults=25
Learn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw
____________________________
For more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverage
Are you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
👉 https://itspm.ag/rsac23sp
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Be sure to share and subscribe!