CSCP S4EP03 - Steve Springett - To BOM or to SBOM this is the question

Cyber Security & Cloud Podcast

English - October 15, 2023 20:39 - 37 minutes - 52.8 MB
Technology News Tech News Homepage Download Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: CSCP S4EP02 - Christophe Parisel - Vulnerabilities in the cloud Azure AWS and the road to prioritization

Next Episode: CSCP S4EP04 - Christopher Russell - Veteran Resiliency mesh security and blockchain

Steve Springett is the Director of Product Security at ServiceNow, helping 4,000+ developers build secure and resilient software. He’s a leader of multiple OWASP projects including Dependency Track, SCVS, and Cyclone DX. In this conversation, Steve and Francesco discuss the term SBOM (software bill of materials), the importance of regulations, and the state of the industry.

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.

0:00 Introduction

1:35 Steve’s background

2:35 State of the industry

7:00 Breach fatigue

10:00 Shift left, shift smart

13:45 How to make asset management sexy again

17:10 Threat modeling

20:00 Regulation

26:00 Security metrics

28:15 OWASP projects—SBOM platform

34:14 Final positive message

36:09 Get connected