Fortress Information Security, an organization I have worked for as a consultant for over three years, has recently developed two great resources for anyone interested in or involved with software bills of materials: a webinar and an e-book. I recommend both of these.
WEBINAR: Software Risks: Understanding your Software Supply Chain Security
The webinar takes place tomorrow at noon ET. The link for both registration and attendance is here. If you can’t attend tomorrow, you’ll be able to view the recording later.
The speakers are both very knowledgeable about SBOMs: Tom Pace, the Co-founder and CEO of NetRise (and a familiar name to readers of this blog; my most recent post featuring him is here), and Bryan Cowan, who is Product Owner for SBOMs at Fortress.
The topics to be covered in the webinar “include SBOM adoption drivers, SBOM risk insights, example use cases, and a business case for managing risk with SBOMs.” The webinar will last between 40 and 60 minutes, although the last 20 minutes or so will be reserved for questions.
Whitepaper: SBOM Use Cases for Asset Owners
Bryan has been busy recently, since he co-authored (with Ty Short) the above white paper, which is available here. This takes a very different approach to SBOMs than just about anything I’ve seen in writing (including my posts) so far: Instead of focusing on the use cases of licensing (the original SBOM use case) and software vulnerability management (the use case behind Executive Order 14028 and most articles on SBOMs, including my posts), the paper is clearly based on real-world research into the possible uses of SBOMs by public and private organizations. The result is quite good and very readable.
I recommend you look at both of these! And I promise that neither one will require an excessive amount of your time.
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.