2023 Q2 Symposium: How to Use SBOMs to Increase Your Software Supply Chain Security
2023 Symposium

How to Use SBOMs to Increase Your Software Supply Chain Security

In-person Event

Jun 8, 2023

Time

9:00 AM - 12:30 PM ET

High-profile software supply chain attacks and vulnerabilities like Log4j represent just the tip of the iceberg. One way the government is trying to create additional transparency around the software supply chain for federal agencies and their contractors, which will likely impact commercial entities down the road as well, is to require a software bill of materials (SBOM). In this session, explore:

  • What the federal government’s SBOM requirement entails and how it will trickle down to the private sector
  • Different protocols/formats of SBOMs (including those for SaaS products), what they (should) tell you, and how to use them (i.e., produce, validate, consume, update, store and transfer them)
  • The potential pitfalls of open source SBOMs and how to guard against them
  • The basics of VEX (Vulnerability Exploitability eXchange) and how to use SBOMs and VEX data as a part of your overall vulnerability management strategy

Audience

This event is for IANS clients and invited guests — there is no vendor sponsorship or presence.

*Receive 1 CPE credit for every hour of attendance at our events.