SBOMS for Evil: How Evil are they? – Larry Pesce – RSA24 #2
Software security is more critical than ever before, with cyber threats continuing to evolve. SBOMs (Software Bill of Materials) provide a comprehensive inventory of all components used in a software package, including their versions and dependencies. This transparency and visibility into the software supply chain enable organizations to make informed decisions about the security of their applications. Join us to learn how SBOMs can enhance penetration testing, by taking “SBOMs for Good,” and making them “SBOMs for Evil.”
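To make the inventory idea concrete, here is an added example (not material from the talk or the podcast) that reads a minimal CycloneDX JSON SBOM, lists each component with its version and package URL, and flags any component whose version is below a known fix. The SBOM document, the package names and the advisory table are all constructed for illustration; the version comparison is a simplified numeric dotted-version compare, not a full semver or PEP 440 implementation.

```python
import json

# Constructed minimal CycloneDX 1.5 JSON SBOM (not a real product's SBOM).
# Only standard CycloneDX fields are used: bomFormat, specVersion, components[].
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "version": 1,
  "components": [
    {"type": "library", "name": "acme-parser", "version": "1.4.2",
     "purl": "pkg:pypi/acme-parser@1.4.2"},
    {"type": "library", "name": "acme-auth", "version": "2.0.0",
     "purl": "pkg:pypi/acme-auth@2.0.0"},
    {"type": "library", "name": "yaml-ish", "version": "0.9.1",
     "purl": "pkg:npm/yaml-ish@0.9.1"}
  ]
}
"""

# Constructed advisory table (hypothetical packages): name -> first fixed version.
# Any inventoried component with a lower version is reported as needing attention.
ADVISORIES = {
    "acme-parser": "1.5.0",
    "acme-auth": "2.0.0",
    "left-pad-ish": "1.0.0",
}


def load_components(sbom_text):
    """Parse a CycloneDX JSON document into (name, version, purl) tuples."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return [
        (c.get("name", ""), c.get("version", ""), c.get("purl", ""))
        for c in doc.get("components", [])
    ]


def parse_version(version):
    """Simplified dotted-version compare key: '1.4.2' -> (1, 4, 2).

    Non-numeric segments (pre-release tags etc.) are dropped; a real
    tool should use a proper semver / PEP 440 comparison instead.
    """
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def flag_vulnerable(components, advisories):
    """Return components whose version is below the advisory's fixed version."""
    findings = []
    for name, version, purl in components:
        fixed_in = advisories.get(name)
        if fixed_in and parse_version(version) < parse_version(fixed_in):
            findings.append(
                {"name": name, "version": version, "fixed_in": fixed_in, "purl": purl}
            )
    return findings


def inventory_report(sbom_text, advisories):
    """Build the full inventory plus the list of flagged components."""
    components = load_components(sbom_text)
    return {
        "inventory": components,
        "findings": flag_vulnerable(components, advisories),
    }


if __name__ == "__main__":
    report = inventory_report(SBOM_JSON, ADVISORIES)
    for name, version, purl in report["inventory"]:
        print(f"{name:<14} {version:<8} {purl}")
    for f in report["findings"]:
        print(f"FLAG: {f['name']} {f['version']} (fixed in {f['fixed_in']})")
```

Note that acme-auth sits exactly at its fixed version and is therefore not flagged; an off-by-one here (using `<=`) would produce a false positive, so the boundary is worth a test in any real tooling.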
Guest
Larry’s core specialties include hardware and wireless hacking, architectural review, and traditional pentesting. He also regularly gives talks at DEF CON, ShmooCon, DerbyCon, and various BSides. Larry holds the GAWN, GCISP, GCIH, GCFA, and ITIL certifications, and has been a certified instructor with SANS for 5 years, where he trains the industry in advanced wireless and Industrial Control Systems (ICS) hacking. Larry’s independent research for the show has led to interviews with the New York Times with MythBusters’ Adam Savage, hacking internet-connected marital aids on stage at DEF CON, and having his RFID implant cloned on stage at ShmooCon. Larry is also a Principal Instructor and Course Author for the SANS Institute for SEC617: Wireless Penetration Testing and Ethical Hacking and SEC556: IoT Penetration Testing. When not hard at work, Larry enjoys long walks on the beach weighed down by his ham radio (DE KB1TNF), and thinking of ways to survive the impending zombie apocalypse.