DevSecCon - SBOM - The inescapable way of tracking dependencies
Abstract
Since the past few months, there have been numerous cyber-attacks across the globe & SBOM is the key buzzword. SBOM refers to the Software Bill Of Materials. Lack of visibility on software components or packaging & delayed patching are the primary reasons for the supply chain attacks. Even Google released SLSA (Supply-chain Levels for Software Artifacts) framework that can be adopted in multiple stages like source, build, provenance & common uses. Numerous other tools help us to generate SBOM in different phases of SDLC. Through this lightning talk, I aim to increase awareness of SBOM, why it’s mandatory, the different formats of SBOM, and how to generate, manage and monitor SBOMs for other use cases.
Rewanth Tammana
Senior Security Architect
Rewanth Tammana is a security ninja, open-source contributor, and an independent consultant. Previously, Senior Security Architect at Emirates NBD (National Bank of Dubai). He is passionate about DevSecOps, Cloud, and Container Security. He added 17,000+ lines of code to Nmap (famous as Swiss Army knife of network utilities). Holds industry certifications like CKS (Certified Kubernetes Security Specialist), CKA (Certified Kubernetes Administrator), etc. Rewanth speaks and delivers training at multiple international security conferences around the world including Black Hat, Defcon, Hack In The Box (Dubai and Amsterdam), CRESTCon UK, PHDays, Nullcon, Bsides, CISO Platform, null chapters and multiple others. He was recognized as one of the MVP researchers on Bugcrowd (2018) and identified vulnerabilities in several organizations. He also published an IEEE research paper on an offensive attack in Machine Learning and Security. He was also a part of the renowned Google Summer of Code program.