The Missing Link: How We Collect and Leverage SBOMs | An OWASP 2024 Global AppSec San Francisco C...

Video Link: https://www.youtube.com/watch?v=eT_PgjV5ulw





Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec (https://x.com/SchneiderElec) ]


On LinkedIn | cassiecrossley


____________________________


Hosts: 


Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]


On ITSPmagazine | https://www.itspmagazine.com/sean-martin


Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast


On ITSPmagazine | https://www.itspmagazine.com/itspmaga...


____________________________


Episode Notes


In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli head to San Francisco to attend the OWASP Global AppSec conference. They kick off their journey with a light-hearted conversation about their destination, quickly segueing into the substantive core of the episode. The dialogue provides a rich backdrop to the conference's key focus: securing applications and the crucial role of Software Bill of Materials (SBOMs) in this context.


Special guest Cassie Crossley joins the hosts to delve deeper into the significance of SBOMs. Cassie introduces herself and highlights her previous engagements with the podcast, touching on her upcoming session titled "The Missing Link: How We Collect and Leverage SBOMs." She explains the essential function of SBOMs in tracking open-source and commercial software components, noting the importance of transparency and risk evaluation in modern software development.


Cassie explains that understanding the software components in use, including transitive dependencies, is crucial for managing risks. She discusses how her company, Schneider Electric, implements SBOMs within their varied product lines, ranging from firmware to cloud-based applications. By collecting and analyzing SBOMs, they can quickly assess vulnerabilities, much like how organizations scrambled to evaluate their exposure in the wake of the Log4J vulnerability.
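The exposure check Cassie describes, reduced to code as an added example (this is not code from the episode, from Schneider Electric, or from any SBOM tool): it loads a constructed CycloneDX-style JSON SBOM for a hypothetical product, walks the dependency graph from the product's root component, and reports every path that reaches a component with the queried name at a version below a given cutoff, so a transitive dependency is reported together with the chain that pulls it in. Every component name, version and the 2.15.0 cutoff are constructed for illustration; the version comparison is deliberately simple and a real inventory would need ecosystem-aware version semantics.

```python
import json

# Constructed CycloneDX-style SBOM for a hypothetical product "acme-gateway".
# All bom-refs, names and versions are invented for this example.
SBOM_JSON = r"""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "pkg:generic/acme-gateway@3.2.0",
                             "name": "acme-gateway", "version": "3.2.0"}},
  "components": [
    {"bom-ref": "pkg:maven/com.acme/acme-logging@1.4.0", "name": "acme-logging", "version": "1.4.0"},
    {"bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1", "name": "log4j-core", "version": "2.14.1"},
    {"bom-ref": "pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1", "name": "log4j-api", "version": "2.14.1"},
    {"bom-ref": "pkg:maven/com.acme/acme-metrics@0.9.2", "name": "acme-metrics", "version": "0.9.2"}
  ],
  "dependencies": [
    {"ref": "pkg:generic/acme-gateway@3.2.0",
     "dependsOn": ["pkg:maven/com.acme/acme-logging@1.4.0", "pkg:maven/com.acme/acme-metrics@0.9.2"]},
    {"ref": "pkg:maven/com.acme/acme-logging@1.4.0",
     "dependsOn": ["pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"]},
    {"ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
     "dependsOn": ["pkg:maven/org.apache.logging.log4j/log4j-api@2.14.1"]},
    {"ref": "pkg:maven/com.acme/acme-metrics@0.9.2", "dependsOn": []}
  ]
}
"""


def parse_version(version):
    """Turn '2.14.1' into (2, 14, 1). Only the leading digits of each dotted
    piece count, so '2.0-beta9' becomes (2, 0). Good enough for the demo;
    real SBOM tooling needs ecosystem-aware version semantics."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def load_sbom(text):
    """Index the SBOM: root bom-ref, bom-ref -> component, bom-ref -> dependsOn list."""
    sbom = json.loads(text)
    root = sbom["metadata"]["component"]
    components = {c["bom-ref"]: c for c in sbom.get("components", [])}
    components[root["bom-ref"]] = root
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    return root["bom-ref"], components, graph


def find_affected_paths(sbom_text, name, fixed_in):
    """Return (hits, dangling): every root-to-component path whose last hop is
    a component called `name` with version below `fixed_in`, plus any bom-refs
    the dependency graph names but the component list does not define (an
    incomplete SBOM is itself a finding)."""
    root, components, graph = load_sbom(sbom_text)
    fixed = parse_version(fixed_in)
    hits, dangling = [], []

    def walk(ref, path, seen):
        comp = components.get(ref)
        if comp is None:
            dangling.append(ref)
            return
        path = path + [f"{comp['name']}@{comp['version']}"]
        if comp["name"] == name and parse_version(comp["version"]) < fixed:
            hits.append(path)
        for child in graph.get(ref, []):
            if child not in seen:  # cycle guard for malformed graphs
                walk(child, path, seen | {child})

    walk(root, [], {root})
    return hits, dangling


if __name__ == "__main__":
    paths, missing = find_affected_paths(SBOM_JSON, "log4j-core", "2.15.0")
    for p in paths:
        print(" -> ".join(p))
    for ref in missing:
        print(f"undefined bom-ref in dependency graph: {ref}")
```

Run as a script it prints the single chain acme-gateway@3.2.0 -> acme-logging@1.4.0 -> log4j-core@2.14.1, which is the answer a product team needs during an incident: not just "we ship the component" but which first-party module brought it in and therefore who owns the fix. Returning the dangling references separately keeps the exposure report honest about gaps in the SBOM itself.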


Sean and Marco steer the conversation towards the practical aspects of SBOM implementation for smaller companies. Cassie reassures that even startups and smaller enterprises can benefit from SBOMs without extensive resources, using free tools like Dependency-Track to manage their software inventories. She emphasizes that having an SBOM—even in a simplified form—provides a critical layer of visibility, enabling better risk management even with limited means.


The discussion touches on the broader impact of SBOMs beyond individual corporations. Cassie notes the importance of regulatory developments and collective efforts, such as those by the Cybersecurity and Infrastructure Security Agency (CISA), to advocate for wider adoption of SBOM standards across industries.


To wrap up, the hosts and Cassie discuss the value of conferences like OWASP Global AppSec for fostering community dialogues, sharing insights, and staying abreast of new developments in application security. They encourage listeners to attend these events to gain valuable knowledge and networking opportunities. Finally, in their closing remarks, Sean and Marco tease future episodes in the On Location series, hinting at more exciting content from their travels and guest interviews.


____________________________


This Episode’s Sponsors


HITRUST: https://itspm.ag/itsphitweb


____________________________


Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-20...


On YouTube: OWASP 2024 Global AppSec San Francisco


Be sure to share and subscribe!


____________________________


Resources


The Missing Link - How We Collect and Leverage SBOMs (Session): https://owasp2024globalappsecsanfra.s...


Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean Martin: https://redefiningcybersecuritypodcas...


Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/


SBOM-a-Rama (LinkedIn post): urn:li:activity:7232385837869469699


____________________________


Catch all of our event coverage: https://www.itspmagazine.com/technolo...


To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefini...





