Podbean logo
  • Discover
  • Podcast Features

    Your all-in-one podcasting solution.
    Blog to Podcast

    Turn your blog into an engaging podcast.
  • Livestream

    High-performing audio live, without limits.
    Podcast Studio

    Easy-to-use audio recorder app.
  • Podbean AI

    AI-Enhanced Audio Quality and Content Generation.
    Podcast App

    The best podcast player & podcast app.
  • Ads Marketplace

    Join Ads Marketplace to earn money
    through sponsorship on your podcast.
    PodAds

    Manage your ads with dynamic ad insertion capability.
  • Apple Podcasts Subscriptions Integration

    Effortlessly publish and manage exclusive episodes for your
    Apple Podcasts subscribers directly from Podbean.

  • Live Streaming

    Receive livestream rewards from your audience and earn
    recurring income from your Fan Club membership.

  • All Arts Business Comedy Education
  • Fiction Government Health & Fitness History Kids & Family
  • Leisure Music News Religion & Spirituality Science
  • Society & Culture Sports Technology True Crime TV & Film
  • Live
  • How to Start a Podcast
  • How to Start a Live Podcast
  • How to Monetize a podcast
  • How to Promote Your Podcast
  • How to Use Group Recording
  • Log in
  • Start your podcast for free
  • Podcasting
    • Podcast Features
    • Livestream
    • Podbean AI
    • Blog to Podcast
    • Podcast Studio
    • Podcast App
  • Monetization
    • Ads Marketplace
    • Apple Podcasts Subscriptions Integration
    • Live Streaming
    • PodAds
  • Advertisers
  • Enterprise
  • Pricing
  • Discover
    • Log in
    Sign up free
Unsolicited Response

Unsolicited Response

Technology

SBOMs & CycloneDX with Steve Springett

SBOMs & CycloneDX with Steve Springett

2023-08-23
Download Right click and do "save link as"

Steve Springett is the Chair of the OWASP CycloneDX Core Working Group. CycloneDX is one of the two main machine readable formats that SBOMs are being created in, although CycloneDX can capture all sorts of BOMs.

In this episode we assume listeners know what a SBOM is and why it might be desired by a vendor and asset owner. The beginning of the show we cover some basics of CycloneDX

If you know the basics, skip to 14:24 where we get into the details

  • Statistics on who is generating and using CycloneDX SBOMs, and the impact of governement regulations on the use.
  • Steve's view of the NTIA Minimum Elements for SBOM v. CycloneDX elements.
  • How CycloneDX tries to capture the completeness of and confidence in the SBOM.
  • The naming problem. CPE, CVE, NVD, SWID, PURL and more. Steve describes the problem and what he thinks is the way forward.
  • Vulnerabilities ... and why Steve thinks VEX is a missed opportunity.
  • Outdated component analysis (this could be very useful in a procurement decision)
  • and more

Links

CycloneDX document: Authoritative Guide To SBOM

ICS-Patch (what to patch when in ICS / risk based decision tree)

S4x24 CFP

view more

More Episodes

S4x24 Main Stage Interview With Stewart Baker
2024-07-10
S4x24 Main Stage Interview With Rob Lee
2024-06-26
Chris Hughes, Author of Effective Vulnerability Management
2024-05-15
2024 Threat Report – OT Cyber Attacks with Physical Consequences
2024-05-03
State Of NERC CIP, European Update and OT Security Community
2024-04-24
Book Interview: Introduction To SBOM And VEX
2024-04-17
S4x24 Closing Panel
2024-04-10
Q1: ICS Security In Review
2024-04-03
S4x24 Preview
2024-02-28
Predictions Analyzed
2023-12-20
Q4 ICS Security Quarter In Review
2023-12-13
CISA Attack Surface Scanning Service
2023-12-06
Engineering-Grade OT Security with Andrew Ginter
2023-11-29
Asset Inventory, Lawyers, and AI
2023-11-15
Is The Purdue Model Dead (E)
2023-11-08
Kelly Shortridge - Security Chaos Engineering in ICS
2023-11-01
IACS System Testing and Assessment Rating (STAR) Methodology with Don Weber
2023-10-25
Dave Whitehead On SBOMs, Manufacturing in the US, and more
2023-10-18
Cyber Risk Quantification (CRQ) with Nicole Sundin
2023-10-11
Presidential Candidate Will Hurd
2023-10-04
  • ←
  • 1
  • 2
  • 3
  • →
012345678910111213141516171819

Get this podcast on your
phone, FREE

Download Podbean app on App Store Download Podbean app on Google Play

Create your
podcast in
minutes

  • Full-featured podcast site
  • Unlimited storage and bandwidth
  • Comprehensive podcast stats
  • Distribute to Apple Podcasts, Spotify, and more
  • Make money with your podcast
Get started

It is Free

  • Podcast Services

    • Podcast Features
    • Pricing
    • Enterprise Solution
    • Private Podcast
    • The Podcast App
    • Live Stream
    • Audio Recorder
    • Remote Recording
    • Podbean AI
  •  
    • Create a Podcast
    • Video Podcast
    • Start Podcasting
    • Start Radio Talk Show
    • Education Podcast
    • Church Podcast
    • Nonprofit Podcast
    • Get Sermons Online
    • Free Audiobooks

  • MONETIZATION & MORE

    • Podcast Advertising
    • Dynamic Ads Insertion
    • Apple Podcasts Subscriptions
    • Switch to Podbean
    • YouTube to Podcast
    • Blog to Podcast
    • Submit Your Podcast
    • Podbean Plugins
    • Developers

  • KNOWLEDGE BASE

    • How to Start a Podcast
    • How to Start a Live Podcast
    • How to Monetize a Podcast
    • How to Promote Your Podcast
    • How to Use Group Recording
    • Podcast Advertising 101

  • Support

    • Support Center
    • What’s New
    • Free Webinars
    • Podcast Events
    • Podbean Academy
    • Podcasting Smarter
    • Badges
    • Resources

  • Podbean

    • About Us
    • Podbean Blog
    • Careers
    • Press and Media
    • Green Initiative
    • Affiliate Program
    • Contact Us
  • Privacy Policy
  • Cookie Policy
  • Terms of Use
  • Consent Preferences
  • Copyright © 2015-2024 Podbean.com