CODE BLUE 2024

SBOM and Security Transparency - How it all fits together

DAY 1

14:50-15:30

The idea of knowing what is in our software went from a radical idea to the popular buzzword of “SBOM”. But where is the Software Bill of Materials going, and how will it interact with other movements in security, particularly around government policy and regulation? This talk will review where SBOM came from and how it became a global community, then explicitly lay out the current gaps and how the community is working to address them. But SBOM alone will, of course, not solve all our problems. Before SBOM, we need more Coordinated Vulnerability Disclosure (CVD). Once we have SBOM, we need good-quality vulnerability data, including the new CVE standards, and better software identifiers. And to avoid being overwhelmed, we need the Vulnerability Exploitability eXchange (VEX) and machine-readable advisories, for both proprietary and open source software. See the whole map for better planning around the future of software security and response.

  • Location: Track 1 (HALL B)

  • Category: Law & Policy

Speakers

  • Allan Friedman

    Dr. Allan Friedman is a Senior Technical Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency (CISA) in the US Government. He coordinates the global cross-sector community efforts around software bill of materials (SBOM), and works closely with experts around the world, including the Japanese government. He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics. Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School. He is the co-author of the popular text “Cybersecurity and Cyberwar: What Everyone Needs to Know,” has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University. He is quite friendly for a failed-professor-turned-technocrat.
    Friedman has had the honor of speaking at Code Blue in 2019 and 2022.