SBOMs and Supply Chains – Allan Friedman – BTS #22
We sit down with the father of the SBOM, Allan Friedman, to discuss examples of where we really need SBOMs, how to operationalize SBOMs, and how to identify and deal with bad things that may be in your SBOM! CISA's resources on SBOM are at cisa.gov/SBOM and anyone can find out more or ask for a meeting at [email protected]
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Announcements
Below the Surface listeners can learn more about Eclypsium by visiting eclypsium.com/go. There you will find the “Ultimate guide to supply chain security”, an on-demand webinar I presented called “Unraveling Digital Supply Chain Threats and Risk”, a paper on the relationship between ransomware and the supply chain, and a customer case study with Digital Ocean. If you are interested in seeing our product in action, you can also sign up for a demo. You can get all of that at eclypsium.com/go!
Guest
Dr. Allan Friedman is Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency. He coordinates the global cross-sector community efforts around software bill of materials (SBOM) and related vulnerability initiatives, and works to advance their adoption inside the US government and around the world. He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics.
Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School. He is the co-author of the popular text “Cybersecurity and Cyberwar: What Everyone Needs to Know,” has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University. He is quite friendly for a failed-professor-turned-technocrat.