A practical in-depth session

Anthony Harrison, APH10


As software is increasingly built from many third-party components, particularly open-source ones, it is essential to have a clear understanding of all the software that is deployed, regardless of where it is used. With an increasing focus on improving the cybersecurity of the many distinct parts of the supply chain, there is a growing expectation that a Software Bill of Materials (SBOM) will become a key artefact of any software asset, capturing all the software components being used.

But just generating an SBOM does not add any value in itself; the value comes when SBOMs are integrated and used as part of a proactive security programme that mitigates the security risk from threats in the operational environment. This applies throughout the life cycle: the identification of components, their procurement, their integration, and the management of deployed products as new vulnerabilities are continually identified.

This workshop will take participants through an SBOM lifecycle, including the creation and analysis of various SBOMs. Participants will be introduced to various tools that can be used to create and analyse SBOMs.
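To make the two halves of the lifecycle described above concrete (creating an SBOM, then analysing it against a vulnerability feed that keeps changing after deployment), here is a small added Python example. It is not code from the workshop or from the speaker's tools; it builds a minimal CycloneDX-style JSON document for a constructed component inventory and then checks it against a constructed advisory list whose identifiers (`EXAMPLE-…`) are placeholders, not real CVEs. The version comparison handles plain dotted numeric versions only; it is an assumption of this example, not a general PEP 440 implementation.

```python
"""SBOM lifecycle in miniature: create a CycloneDX-style SBOM, then analyse it.

All inventory and advisory data below is constructed for illustration.
"""
import json
from typing import Dict, List, Tuple

# Constructed component inventory: (name, version, SPDX licence id).
INVENTORY = [
    ("requests", "2.25.1", "Apache-2.0"),
    ("urllib3", "1.26.4", "MIT"),
    ("certifi", "2021.5.30", "MPL-2.0"),
]

# Constructed advisory feed. IDs are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "EXAMPLE-2021-0001", "package": "urllib3", "fixed_in": "1.26.5", "severity": "HIGH"},
    {"id": "EXAMPLE-2021-0002", "package": "requests", "fixed_in": "2.20.0", "severity": "MEDIUM"},
]


def purl(name: str, version: str) -> str:
    """Package URL for a PyPI component (assumed PyPI ecosystem)."""
    return f"pkg:pypi/{name.lower()}@{version}"


def create_sbom(inventory) -> Dict:
    """Creation step: a minimal CycloneDX 1.4 JSON document as a dict."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "version": 1,
        "components": [
            {
                "type": "library",
                "name": name,
                "version": version,
                "purl": purl(name, version),
                "licenses": [{"license": {"id": licence}}],
            }
            for name, version, licence in inventory
        ],
    }


def load_sbom(text: str) -> Dict:
    """Parse an SBOM that was serialised with json.dumps(create_sbom(...))."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return sbom


def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted numeric versions only (e.g. 1.26.4); pre-release tags are not handled."""
    return tuple(int(part) for part in version.split("."))


def analyse_sbom(sbom: Dict, advisories) -> List[Dict]:
    """Analysis step: report each advisory whose package appears in the SBOM
    at a version below the fixed version. Re-run this whenever the feed changes;
    the SBOM itself does not need to be regenerated."""
    by_name = {c["name"].lower(): c for c in sbom.get("components", [])}
    findings = []
    for adv in advisories:
        component = by_name.get(adv["package"].lower())
        if component is None or "version" not in component:
            continue  # component not deployed, or version unknown
        if parse_version(component["version"]) < parse_version(adv["fixed_in"]):
            findings.append({
                "id": adv["id"],
                "purl": component["purl"],
                "severity": adv["severity"],
                "fixed_in": adv["fixed_in"],
            })
    return findings


def run() -> List[Dict]:
    """Round-trip: create, serialise, reload, analyse."""
    text = json.dumps(create_sbom(INVENTORY), indent=2)
    return analyse_sbom(load_sbom(text), ADVISORIES)


if __name__ == "__main__":
    for finding in run():
        print(f'{finding["id"]} ({finding["severity"]}): {finding["purl"]} '
              f'-> upgrade to {finding["fixed_in"]}')
```

With the constructed data, only `urllib3` is flagged: `requests` 2.25.1 is already at or above the fixed version. Appending a new advisory to the feed and calling `analyse_sbom` again on the same document is the "management of deployed products as new vulnerabilities are identified" step from the paragraph above.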

Participants should bring a laptop with a Python environment installed (version 3.10 or later) and will need to be able to install software during the workshop.


Open Source Security Foundation
