Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
コンテンツは Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
Unsolicited Responseに似ているもの
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Daily update on current cyber security threats
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Marc Fennell and a team of people far smarter than him (his words, not ours) take a fun deep dive into how technology is reshaping our lives.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!
Player FMアプリでオフラインにしPlayer FMう!
))
SBOMs & CycloneDX with Steve Springett
Manage episode 375077070 series 2525086
コンテンツは Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
Steve Springett is the Chair of the OWASP CycloneDX Core Working Group. CycloneDX is one of the two main machine readable formats that SBOMs are being created in, although CycloneDX can capture all sorts of BOMs.
In this episode we assume listeners know what a SBOM is and why it might be desired by a vendor and asset owner. The beginning of the show we cover some basics of CycloneDX
If you know the basics, skip to 14:24 where we get into the details
- Statistics on who is generating and using CycloneDX SBOMs, and the impact of governement regulations on the use.
- Steve's view of the NTIA Minimum Elements for SBOM v. CycloneDX elements.
- How CycloneDX tries to capture the completeness of and confidence in the SBOM.
- The naming problem. CPE, CVE, NVD, SWID, PURL and more. Steve describes the problem and what he thinks is the way forward.
- Vulnerabilities ... and why Steve thinks VEX is a missed opportunity.
- Outdated component analysis (this could be very useful in a procurement decision)
- and more
Links
CycloneDX document: Authoritative Guide To SBOM
ICS-Patch (what to patch when in ICS / risk based decision tree)
52 つのエピソード
シェア
Manage episode 375077070 series 2525086
コンテンツは Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Dale Peterson, Dale Peterson: ICS Security Catalyst, and S4 Conference Chair またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal。
Steve Springett is the Chair of the OWASP CycloneDX Core Working Group. CycloneDX is one of the two main machine readable formats that SBOMs are being created in, although CycloneDX can capture all sorts of BOMs.
In this episode we assume listeners know what a SBOM is and why it might be desired by a vendor and asset owner. The beginning of the show we cover some basics of CycloneDX
If you know the basics, skip to 14:24 where we get into the details
- Statistics on who is generating and using CycloneDX SBOMs, and the impact of governement regulations on the use.
- Steve's view of the NTIA Minimum Elements for SBOM v. CycloneDX elements.
- How CycloneDX tries to capture the completeness of and confidence in the SBOM.
- The naming problem. CPE, CVE, NVD, SWID, PURL and more. Steve describes the problem and what he thinks is the way forward.
- Vulnerabilities ... and why Steve thinks VEX is a missed opportunity.
- Outdated component analysis (this could be very useful in a procurement decision)
- and more
Links
CycloneDX document: Authoritative Guide To SBOM
ICS-Patch (what to patch when in ICS / risk based decision tree)
52 つのエピソード
Tất cả các tập
×
プレーヤーFMへようこそ!
Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。
Unsolicited Responseに似ているもの
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Daily update on current cyber security threats
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Marc Fennell and a team of people far smarter than him (his words, not ours) take a fun deep dive into how technology is reshaping our lives.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
From smart phones to smart homes, the Android Police Podcast gives you exactly what you need from a tech podcast - no more, no less. Every week, each of our hosts curate topics to talk about. It could be tracking through your newsfeed or a passion project or two. We're centered on Android, but go far and wide, so if you're looking for good talk that won't waste your time, listen and subscribe.
…
continue reading
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!
Player FMアプリでオフラインにしPlayer FMう!
