CISO Tribe invites you to their event

Third Party Software Risk, SBOMs and their limitations

About this event

The tribe opens its virtual door to our CISO community, to exchange ideas, evaluate the good, the bad and the ugly, challenge the status quo, and share lessons learned.

This time we welcome Mirko Ross, an internationally recognized activist, expert, speaker, publicist and researcher in the field of Cyber Security for the Internet of Things and Software Supply Chain. Today’s session will be moderated by tribe member Andrea Krush, Manager IT Risk & Security at DAS.

Can't make it on this date? No worries, just register and you will automatically receive a link to the video directly after the event.

Unveiling the Challenges of Third Party Software Risk: The Role of SBOMs and Their Current Limitations, proposal for a Distributed Software Bill of Materials

Our world runs on code. Since the inception of software, complexity in code has been increasing. Modern software has thousands of direct and indirect dependencies. On the one hand, dependencies make it faster and easier to develop sophisticated software; on the other hand, they increase the number of attack vectors. They have become a perfect target for threat actors to compromise software supply chains and propagate the impact along the value chain.

Software Bills of Materials (SBOMs) have emerged as a promising solution to provide comprehensive visibility into the components and dependencies of software, empowering organizations to make informed decisions regarding their software supply chain security. Despite their potential, SBOMs face various challenges, including incomplete or inaccurate information, limited adoption and compliance, a missing link to real-time threat analysis of critical vulnerabilities, and the need for automation and standardized formats across the industry.

During this webinar, Mirko Ross will shed light on major issues with third party software risk, evaluate the role and current limitations of SBOMs in mitigating these challenges, and outline the necessary steps to be taken from the people, processes, technology and governance perspectives.

Mirko will present an innovation use case in the automotive industry, where asvin implemented the Distributed Software Bill of Materials (D-SBOM) solution to maintain control over dependencies and perform real-time threat analysis for known vulnerabilities by leveraging peer-to-peer network storage protocols, cryptographic algorithms and blockchain technologies.


14h00: Welcome -- Wim Stoffelen, CISO Tribe (NL)

14h05: Introduction by your moderator -- Andrea Krush, Security Manager at DAS (NL)

14h10: Presentation D-SBOM -- Mirko Ross, CEO at asvin GmbH (DE)

14h35: Q&A Session -- Audience, Mirko and Andrea

14h55: Closing remarks and next webinars -- Wim Stoffelen

Hosted by

  • Guest speaker
    Mirko Ross CEO @ asvin

  • Guest speaker
    Andrea Krush Manager IT Risk & Security @ DAS

CISO Tribe

Community of cyber leaders that shares the values of belonging, achieving, and giving back.