- 14 Nov
Supply chain security is hard to solve in the real world. A great deal of software with notable features is available free of cost. The scary part is that it comes with the unforeseen hidden baggage of security vulnerabilities, supply chain security and trust issues. A few hacks from the past year: Faker.js, Color.js, log4j, etc.
Over the past few months there have been numerous cyber-attacks across the globe, and SBOM has become the key buzzword. SBOM stands for Software Bill of Materials. Lack of visibility into software components and packaging, together with delayed patching, are the primary causes of supply chain attacks. Google has released the SLSA (Supply-chain Levels for Software Artifacts) framework, which can be adopted in stages covering source, build, provenance and common use cases. Numerous other tools help generate SBOMs at different phases of the SDLC.
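The visibility problem above is exactly what an SBOM gives a defender: once components and versions are listed, known-vulnerable packages can be matched mechanically. The following added example (not code from the talk) reads a constructed CycloneDX-style SBOM and flags components whose version is below a fixed version from a constructed advisory table; both the SBOM and the advisory entries are illustrative placeholders, not real project or advisory data.

```python
import json

# Constructed minimal CycloneDX-style SBOM (illustrative, not a real project).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "name": "colors", "version": "1.4.0",
     "purl": "pkg:npm/colors@1.4.0"},
    {"type": "library", "name": "jackson-databind", "version": "2.13.4",
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.4"}
  ]
}
"""

# Constructed advisory table: purl without version -> first fixed version.
# Placeholder data for illustration only; real feeds (OSV, NVD) replace this.
ADVISORIES = {
    "pkg:maven/org.apache.logging.log4j/log4j-core": "2.17.1",
    "pkg:npm/example-not-in-sbom": "9.9.9",
}

def parse_version(v):
    # Dotted numeric versions only; non-numeric parts compare as 0.
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def components(sbom_text):
    # Yield (purl-without-version, version) for every component with a purl.
    # Assumes purls carry no qualifier suffix ("?...") after the version.
    doc = json.loads(sbom_text)
    for c in doc.get("components", []):
        base, _, version = c.get("purl", "").rpartition("@")
        if base and version:
            yield base, version

def find_affected(sbom_text, advisories):
    # Return (purl, installed version, fixed version) for each affected component.
    hits = []
    for base, version in components(sbom_text):
        fixed = advisories.get(base)
        if fixed and parse_version(version) < parse_version(fixed):
            hits.append((base, version, fixed))
    return hits

if __name__ == "__main__":
    for base, version, fixed in find_affected(SBOM_JSON, ADVISORIES):
        print(f"{base}@{version} is below fixed version {fixed}")
```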
This presentation aims to raise awareness of the problems and challenges of relying heavily on open-source solutions from a security point of view. We will discuss some methods to tackle these new kinds of security vulnerabilities. I aim to increase awareness of SBOM, why it is mandatory, the different SBOM formats, and how to generate, manage and monitor SBOMs for various use cases.