Olle E. Johansson

Olle E Johansson, Edvina and SBOM Europe

The EU Cyber Resilience Act requires manufacturers to keep users secure and their products up to date with free security updates. But how do you check all the dependencies? How does a vulnerability management toolchain work, and what are the requirements for a successful process? Olle E. Johansson will take you through the world of vulnerability management and give you insights into what works, what may work in the future, and what has turned out to be broken promises.

Vulnerability management is the process of managing your own code and all of its dependencies on third-party products, making sure that your product doesn’t contain any exploited or otherwise dangerous vulnerabilities and keeping your users secure.

This is an introduction for the whole product team.
Target group: Product management, developers, compliance officers, product support

What you will learn:

  • What is a vulnerability
  • Accepting reports
  • Using the Software Bill of Materials, SBOM, in vulnerability management
  • The CVE project
  • The NVD database
  • The EU vulnerability database
  • Names: Identifiers for software components
  • Checking with external sources
  • Classes of vulnerabilities
  • Automating vulnerability management

Keywords:

  • CVE, CNA, NVD, EUVD, EPSS, KEV
  • CPE, CPSS, CWE, PURL
  • SBOM

Focus on the Cyber Resilience Act
Open Source Security Foundation
OWASP Foundation
Open regulatory compliance working group (ORCWG.ORG)