The recent executive order requiring SBOMs (Software Bills of Materials) from those supplying software to the federal government has been instrumental in advancing the conversation around software supply chain security. An SBOM by itself is basically just a list of ingredients, so requiring one is really a minimum requirement. SBOMs are just the tip of the iceberg and quite possibly not even the most interesting or promising part. Software vulnerabilities and attacks can bring significant consequences, including data breaches and system failures. Software supply chain security provides critical protection against threat actors.
Please join Cisco Distinguished Engineer Ed Warnicke and me on May 17th for a live webinar during which we will discuss:
- Software supply chain mistakes of the mid-2000s that are being replicated in a cloud-native world.
- The difficulty of establishing a single source of truth for a software supply chain.
- The (bright!) future for software supply chain security, including promising advances from projects such as In-Toto and OmniBOR.
Ed and I will be joined in the discussion by people on the front lines of building solutions to secure the software supply chain:
- Aeva Black, OmniBOR Project – Microsoft
- Brandon Lum, Guac
- Frederick Kautz, In-Toto
- Dan Lorenc, Wolfi
Here’s a link for you to register to attend our webinar.
Hope to see you there… hear your thoughts… and answer your questions.