CSCP S4EP03 - Steve Springett - To BOM or to SBOM this is the question

 

Steve Springett is the Director of Product Security at ServiceNow, helping 4,000+ developers build secure and resilient software. He’s a leader of multiple OWASP projects including Dependency Track, SCVS, and Cyclone DX. In this conversation, Steve and Francesco discuss the term SBOM (software bill of materials), the importance of regulations, and the state of the industry.

 

The episode is brought to you by Phoenix Security; get in control of your vulnerabilities from code to cloud with the power of Phoenix. ACT Now on the most important vulnerabilities and reduce your exposure to modern attacks. See it for yourself. Go to https://phoenix.security/request-a-demo/ for a free 14-day licence.

 

0:00 Introduction

1:35 Steve’s background

2:35 State of the industry

7:00 Breach fatigue

10:00 Shift left, shift smart

13:45 How to make asset management sexy again

17:10 Threat modeling

20:00 Regulation

26:00 Security metrics

28:15 OWASP projects—SBOM platform

34:14 Final positive message

36:09 Get connected

37:20 Outro

 

Steve Springett

https://www.linkedin.com/in/stevespringett/

https://infosec.exchange/@stevespringett

Twitter @stevespringett

https://dependencytrack.org/

https://scvs.owasp.org/

https://cyclonedx.org/

 

Cyber Security and Cloud Podcast hosted by Francesco Cipollone

Twitter @FrankSEC42

Linkedin: linkedin.com/in/fracipo 

#CSCP #cybermentoringmonday cybercloudpodcast.com 

 

Social Media Links  Follow us on social media to get the latest episodes: Website: http://www.cybercloudpodcast.com/ You can listen to this podcast on your favourite player: Itunes: https://podcasts.apple.com/gb/podcast/the-cyber-security-cloud-podcast-cscp/id1516316463  
Spotify: https://open.spotify.com/show/3fg8AqP4vEi5Im8YKxazUQ  Linkedin: https://www.linkedin.com/company/35703565/admin/  


Twitter: https://twitter.com/podcast_cyber   


Youtube https://www.youtube.com/channel/UCVgsq-vMzq4sxObVonDsIAg/