Session Name: SBOM - From the idea of transparency to the reality of code
The idea that we should know what is in our code isn't new. Yet a "Software Bill of Materials" (SBOM) is only now emerging as an obvious and essential part of our software assurance and supply chain security process. This talk will review the idea of a "list of ingredients" for software, highlight the global consensus around the concept and the standards we have for representing the data so it can be processed automatically, and summarize the types of tools available to make SBOM generation and consumption one of the easier parts of our DevSecOps toolkit.
Allan Friedman is Director of Cybersecurity Initiatives at the National Telecommunications and Information Administration (NTIA) in the US Department of Commerce. He coordinates NTIA's multi-stakeholder processes on cybersecurity, focusing on resiliency in a vulnerable world. Prior to joining the Federal Government, Friedman spent over 15 years as a noted infosec and tech policy scholar at Harvard's Computer Science Department, the Brookings Institution and George Washington University's Engineering School. He is the co-author of the popular text Cybersecurity and Cyberwar: What Everyone Needs to Know, has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University, and is quite friendly for a failed professor-turned-technocrat.