Artwork

Konten disediakan oleh ITSPmagazine, Sean Martin, and Marco Ciappelli. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh ITSPmagazine, Sean Martin, and Marco Ciappelli atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.
Player FM - Aplikasi Podcast
Offline dengan aplikasi Player FM !

The Missing Link: How We Collect and Leverage SBOMs | An OWASP 2024 Global AppSec San Francisco Conversation with Cassie Crossley | On Location Coverage with Sean Martin and Marco Ciappelli

21:25
 
Bagikan
 

Manage episode 439801271 series 2972571
Konten disediakan oleh ITSPmagazine, Sean Martin, and Marco Ciappelli. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh ITSPmagazine, Sean Martin, and Marco Ciappelli atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.

Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]

On LinkedIn | https://www.linkedin.com/in/cassiecrossley/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli head to San Francisco to attend the OWASP Global AppSec conference. They kick off their journey with a light-hearted conversation about their destination, quickly segueing into the substantive core of the episode. The dialogue provides a rich backdrop to the conference's key focus: securing applications and the crucial role of Software Bill of Materials (SBOMs) in this context.

Special guest Cassie Crossley joins the hosts to delve deeper into the significance of SBOMs. Cassie introduces herself and highlights her previous engagements with the podcast, touching on her upcoming session titled "The Missing Link: How We Collect and Leverage SBOMs." She explains the essential function of SBOMs in tracking open-source and commercial software components, noting the importance of transparency and risk evaluation in modern software development.

Cassie explains that understanding the software components in use, including transitive dependencies, is crucial for managing risks. She discusses how her company, Schneider Electric, implements SBOMs within their varied product lines, ranging from firmware to cloud-based applications. By collecting and analyzing SBOMs, they can quickly assess vulnerabilities, much like how organizations scrambled to evaluate their exposure in the wake of the Log4J vulnerability.

Sean and Marco steer the conversation towards the practical aspects of SBOM implementation for smaller companies. Cassie reassures that even startups and smaller enterprises can benefit from SBOMs without extensive resources, using free tools like Dependency-Track to manage their software inventories. She emphasizes that having an SBOM—even in a simplified form—provides a critical layer of visibility, enabling better risk management even with limited means.

The discussion touches on the broader impact of SBOMs beyond individual corporations. Cassie notes the importance of regulatory developments and collective efforts, such as those by the Cybersecurity and Infrastructure Security Agency (CISA), to advocate for wider adoption of SBOM standards across industries.

To wrap up, the hosts and Cassie discuss the value of conferences like OWASP Global AppSec for fostering community dialogues, sharing insights, and staying abreast of new developments in application security. They encourage listeners to attend these events to gain valuable knowledge and networking opportunities. Finally, in their closing remarks, Sean and Marco tease future episodes in the On Location series, hinting at more exciting content from their travels and guest interviews.

____________________________

This Episode’s Sponsors

HITRUST: https://itspm.ag/itsphitweb

____________________________

Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jt

Be sure to share and subscribe!

____________________________

Resources

The Missing Link - How We Collect and Leverage SBOMs (Session): https://owasp2024globalappsecsanfra.sched.com/event/1g3XV/the-missing-link-how-we-collect-and-leverage-sboms

Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean Martin: https://redefiningcybersecuritypodcast.com/episodes/why-the-industry-needs-openssf-a-conversation-with-omkhar-arasaratnam-adrianne-marcum-arun-gupta-and-christopher-robinson-redefining-cybersecurity-with-sean-martin

Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/

SBOM-a-Rama: https://www.linkedin.com/feed/update/urn:li:activity:7232385837869469699/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

  continue reading

619 episode

Artwork
iconBagikan
 
Manage episode 439801271 series 2972571
Konten disediakan oleh ITSPmagazine, Sean Martin, and Marco Ciappelli. Semua konten podcast termasuk episode, grafik, dan deskripsi podcast diunggah dan disediakan langsung oleh ITSPmagazine, Sean Martin, and Marco Ciappelli atau mitra platform podcast mereka. Jika Anda yakin seseorang menggunakan karya berhak cipta Anda tanpa izin, Anda dapat mengikuti proses yang diuraikan di sini https://id.player.fm/legal.

Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]

On LinkedIn | https://www.linkedin.com/in/cassiecrossley/

____________________________

Hosts:

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

In this episode of On Location with Sean and Marco, hosts Sean Martin and Marco Ciappelli head to San Francisco to attend the OWASP Global AppSec conference. They kick off their journey with a light-hearted conversation about their destination, quickly segueing into the substantive core of the episode. The dialogue provides a rich backdrop to the conference's key focus: securing applications and the crucial role of Software Bill of Materials (SBOMs) in this context.

Special guest Cassie Crossley joins the hosts to delve deeper into the significance of SBOMs. Cassie introduces herself and highlights her previous engagements with the podcast, touching on her upcoming session titled "The Missing Link: How We Collect and Leverage SBOMs." She explains the essential function of SBOMs in tracking open-source and commercial software components, noting the importance of transparency and risk evaluation in modern software development.

Cassie explains that understanding the software components in use, including transitive dependencies, is crucial for managing risks. She discusses how her company, Schneider Electric, implements SBOMs within their varied product lines, ranging from firmware to cloud-based applications. By collecting and analyzing SBOMs, they can quickly assess vulnerabilities, much like how organizations scrambled to evaluate their exposure in the wake of the Log4J vulnerability.

Sean and Marco steer the conversation towards the practical aspects of SBOM implementation for smaller companies. Cassie reassures that even startups and smaller enterprises can benefit from SBOMs without extensive resources, using free tools like Dependency-Track to manage their software inventories. She emphasizes that having an SBOM—even in a simplified form—provides a critical layer of visibility, enabling better risk management even with limited means.

The discussion touches on the broader impact of SBOMs beyond individual corporations. Cassie notes the importance of regulatory developments and collective efforts, such as those by the Cybersecurity and Infrastructure Security Agency (CISA), to advocate for wider adoption of SBOM standards across industries.

To wrap up, the hosts and Cassie discuss the value of conferences like OWASP Global AppSec for fostering community dialogues, sharing insights, and staying abreast of new developments in application security. They encourage listeners to attend these events to gain valuable knowledge and networking opportunities. Finally, in their closing remarks, Sean and Marco tease future episodes in the On Location series, hinting at more exciting content from their travels and guest interviews.

____________________________

This Episode’s Sponsors

HITRUST: https://itspm.ag/itsphitweb

____________________________

Follow our OWASP 2024 Global AppSec San Francisco coverage: https://www.itspmagazine.com/owasp-2024-global-appsec-san-francisco-cybersecurity-and-application-security-event-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTcqoGpeR1rdo6p47Ozu1jt

Be sure to share and subscribe!

____________________________

Resources

The Missing Link - How We Collect and Leverage SBOMs (Session): https://owasp2024globalappsecsanfra.sched.com/event/1g3XV/the-missing-link-how-we-collect-and-leverage-sboms

Why the Industry Needs OpenSSF | A Conversation with Omkhar Arasaratnam, Adrianne Marcum, Arun Gupta, and Christopher Robinson | Redefining CyberSecurity with Sean Martin: https://redefiningcybersecuritypodcast.com/episodes/why-the-industry-needs-openssf-a-conversation-with-omkhar-arasaratnam-adrianne-marcum-arun-gupta-and-christopher-robinson-redefining-cybersecurity-with-sean-martin

Learn more about OWASP 2024 Global AppSec San Francisco: https://sf.globalappsec.org/

SBOM-a-Rama: https://www.linkedin.com/feed/update/urn:li:activity:7232385837869469699/

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Are you interested in sponsoring our event coverage with an ad placement in the podcast?

Learn More 👉 https://itspm.ag/podadplc

Want to tell your Brand Story as part of our event coverage?

Learn More 👉 https://itspm.ag/evtcovbrf

  continue reading

619 episode

Semua episode

×
 
Loading …

Selamat datang di Player FM!

Player FM memindai web untuk mencari podcast berkualitas tinggi untuk Anda nikmati saat ini. Ini adalah aplikasi podcast terbaik dan bekerja untuk Android, iPhone, dan web. Daftar untuk menyinkronkan langganan di seluruh perangkat.

 

Panduan Referensi Cepat