OWASP Global AppSec US 2021 has ended
Thursday, November 11 • 4:00pm - 5:00pm
SBOM SmackDown: Conquer dragons in the shadows with OWASP CycloneDX


Software Bill of Materials (SBOM) has gained widespread support, from the software industry to critical infrastructure operators to the White House. Not all SBOMs, or SBOM formats, are created equal. This session highlights transparency in the software supply chain and presents strategies for using the OWASP CycloneDX SBOM standard to make better risk-based decisions. Following the Executive Order issued by the White House mandating SBOMs, the National Telecommunications and Information Administration (NTIA) has published the minimum elements of an SBOM. The session covers those minimum elements and explains why it is advantageous to exceed them whenever possible. Example use cases illustrate common software supply chain scenarios, how they can be represented in CycloneDX, and how they can be communicated to others in the supply chain.


Steve Springett

Sr Manager, Secure Software Engineering, ServiceNow
Steve educates teams on the strategy and specifics of developing secure software. He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive...

Thursday November 11, 2021 4:00pm - 5:00pm PST