Blue Team Set Us Up The SBOM
2019-11-09, 18:40–18:50, Blue Day

What if spotting vulnerabilities in your VPN was as easy as checking for allergens in your applesauce? A Software Bill of Materials (SBOM) brings proven supply chain principles to modern software systems.

If there's asbestos in your home or allergens in your food, you'd want to know about it, right? What about Heartbleed in your VPN or EternalBlue in your backup server: would you want to know about those too? Want to know whether you're impacted by the next critical vulnerability with a six-second SQL query rather than a series of scans?

Well-tested traditional supply chain approaches can yield enormous blue team benefits when applied to modern software environments. For instance, a Software Bill of Materials (SBOM) is simply a list of the software components in a system (and their components... and their components... all the way down). Savvy dev shops have used SBOMs to gain agility and reduce costs for years; defenders are starting to use them to check for risky software components and map a system's known vulnerabilities.
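The "six-second SQL query" idea, as an added example that is not part of the talk abstract and not the speaker's code: a tiny SBOM held in SQLite, a recursive query that walks components-of-components down to any depth, and a join against a table of advisories that reports which systems are affected and through which dependency path. The SBOM rows, the component names and the advisory ids (ADV-0001, ADV-0002) are all constructed for the example. The version comparison is registered as a custom SQL function because plain string comparison would wrongly sort "3.0.10" before "3.0.9".

```python
import re
import sqlite3

# Constructed sample SBOM (not real inventory data):
# (system, component, version, parent_component); parent is None at the top.
SBOM_ROWS = [
    ("vpn-gateway",   "vpnd",      "2.3.0",  None),
    ("vpn-gateway",   "tls-lib",   "1.0.1f", "vpnd"),
    ("vpn-gateway",   "zlib",      "1.2.11", "tls-lib"),
    ("backup-server", "backupd",   "5.1.2",  None),
    ("backup-server", "smb-stack", "3.0.9",  "backupd"),
    ("backup-server", "zlib",      "1.2.8",  "smb-stack"),
    ("web-frontend",  "httpd",     "2.4.41", None),
    ("web-frontend",  "tls-lib",   "1.0.2u", "httpd"),
]

# Constructed advisories (placeholder ids, not real CVEs):
# (advisory_id, component, first_fixed_version).
ADVISORIES = [
    ("ADV-0001", "tls-lib",   "1.0.1g"),
    ("ADV-0002", "smb-stack", "3.0.10"),
]


def version_key(v):
    """Turn '1.0.1f' into ((1, ''), (0, ''), (1, 'f')) so that tuple comparison
    orders numeric segments numerically and letter suffixes after the number."""
    key = []
    for seg in v.split("."):
        m = re.match(r"(\d*)(.*)", seg)
        num = int(m.group(1)) if m.group(1) else 0
        key.append((num, m.group(2)))
    return tuple(key)


def version_lt(a, b):
    """True when version a is strictly older than version b."""
    return version_key(a) < version_key(b)


def build_db():
    """Load the constructed SBOM and advisories into an in-memory SQLite DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sbom(system, component, version, parent)")
    conn.execute("CREATE TABLE advisories(id, component, fixed_in)")
    conn.executemany("INSERT INTO sbom VALUES (?, ?, ?, ?)", SBOM_ROWS)
    conn.executemany("INSERT INTO advisories VALUES (?, ?, ?)", ADVISORIES)
    # Expose the Python comparison to SQL so the WHERE clause can use it.
    conn.create_function("version_lt", 2, version_lt)
    return conn


# Recursive CTE: start at top-level components, then repeatedly attach children
# of each row already found, building a human-readable dependency trail.
# The depth bound guards against a malformed SBOM with a parent cycle.
AFFECTED_SQL = """
WITH RECURSIVE path(system, component, version, trail, depth) AS (
    SELECT system, component, version, component, 1
      FROM sbom WHERE parent IS NULL
    UNION ALL
    SELECT s.system, s.component, s.version,
           p.trail || ' > ' || s.component, p.depth + 1
      FROM sbom s JOIN path p
        ON s.system = p.system AND s.parent = p.component
     WHERE p.depth < 50
)
SELECT a.id, p.system, p.component, p.version, p.trail
  FROM path p JOIN advisories a ON a.component = p.component
 WHERE version_lt(p.version, a.fixed_in)
 ORDER BY a.id, p.system
"""


def find_affected(conn):
    """Return (advisory, system, component, version, trail) for every system
    carrying a component older than the advisory's fixed version."""
    return conn.execute(AFFECTED_SQL).fetchall()


if __name__ == "__main__":
    for row in find_affected(build_db()):
        print("%s affects %s via %s (%s %s)" % (row[0], row[1], row[4], row[2], row[3]))
```

Run as-is and the query reports the VPN gateway (through vpnd > tls-lib) and the backup server (through backupd > smb-stack) while the web frontend, whose tls-lib is newer than the fixed version, is not listed. In a real deployment the advisories table would be refreshed from a vulnerability feed and the SBOM rows generated by the build pipeline; the query itself does not change.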

After this talk, you’ll be able to empower the acquisition team to select better options, and more quickly know whether, where, and how you’re affected by the next big bug.