Episode: #070: Putting da BOM in SBOM and SCA

Update: 2024-05-08

Description

Ken and Mike discuss supply chain security, including software composition analysis (SCA) and software bill of materials (SBOM). They highlight the importance of understanding the components that make up your software and the risks associated with using third-party libraries. They also discuss recent supply chain failures, such as the XZ library hack and the SolarWinds attack. The hosts emphasize the need for organizations to stay up to date with software patches and to consider the security of commercial off-the-shelf software. They caution against placing too much focus on any one security tool or approach, including SBOM, and instead advocate for a well-rounded approach to security.

Comments

In Channel

Episode #081: Burnout by Budget Season: Surviving Q4 in Security

2025-10-2921:57

Episode #080: Patch Me If You Can: Compliance, SLAs, and Other Fairytales

2025-08-2534:05

Episode #079: CISOver It: When Dashboards Replace Direction

2025-06-1037:00

Episode #078: 🔥 Burn Your 30-page Policies: Tanya’s Got Better Ideas

2025-04-2246:48

Episode #077: Is Google Eating the Cloud? 🔥 Wiz.io Acquisition Hot Takes

2025-03-2431:59

Episode #076: ShmooBalls & Open Source Brawls: DevSecOps, Risk, and the Final ShmooCon

2025-02-0433:32

Episode #075: Ghosts of DevSecOps: Past, Present, and Future

2024-12-2436:08

Episode #074: Battling Budgets in Security

2024-12-0936:11

Episode #073: Staffing Security in DevSecOps

2024-10-2137:10

Episode #072: Measuring the Immeasurable: The Power and Pitfalls of Metrics in DevSecOps

2024-08-2833:48

Episode #071: Retro Vibes with Retrospectives

2024-06-1925:32

Episode: #070: Putting da BOM in SBOM and SCA

2024-05-0839:32

Episode #069: Your SaaS is Grass

2024-03-2032:38

Episode #068: Data Breaches and DevSecOps

2024-02-2134:17

Episode #067: Welcome to 2024! AppSec Resolutions and A Smhoocon Recap

2024-01-2635:27

Episode #066: Exploration of the Shifting Definition of Shifting Left

2023-12-0542:33

Episode #065: LASCON 2023 Recap - AI, a Misunderstood Menace or Magic Bullet

2023-11-1033:11

Episode #064: Don't Instigate, Mitigate!

2023-09-2531:32

Episode #063: Unscrambling CloudSecSoup with CSPM, Vuln Management, SIEMs, and Log Aggregators

2023-09-0537:56

Episode #062: Cyber Sentinels: Ken and Mike in the DevSecOps Labyrinth

2023-08-0740:21

00:00

Episode: #070: Putting da BOM in SBOM and SCA

#box-pro-ellipsis-176431883757336{-webkit-line-clamp:2;}Episode: #070: Putting da BOM in SBOM and SCA

Episode: #070: Putting da BOM in SBOM and SCA

Ken Toler and Mike McCabe

Episode: #070: Putting da BOM in SBOM and SCA