EU CRA: It's Later Than You Think, Time to Engineer Up!

SBOM: The ingredient list for software

SBOM – The ingredient list for software products

Security Manufaktur Blog

Bloggingsaturday?

"Playing with open source fire"?

https://blog.security-manufaktur.de/sbom/cyclonedx/spdx/opensource/oss/kehl/2024/12/07/sbom-security-insider.html

The wording bothered me a great deal, so I wrote a blog post about it.

#SBOM #SBOMs #opensource #security #softwarebillofmaterials #linux #spdx #cyclonedx #owasp #linuxfoundation

The Kehl case at Security-Insider: Open Source & SBOM

Open letter to Mr. Dieter Kehl


This week I joined @jodywestby on @AssociationDCG’s Cybersecurity & Privacy Podcast to explore the role of SBOMs in cybersecurity, limits to their effectiveness, advancements and much more.

Listen: https://adcg-on-privacy-and-cybersecurity.simplecast.com/episodes/104-understanding-software-bill-of-materials-and-why-they-are-crucial-for-cybersecurity

#Privacy #SoftwareBillofMaterials

104 | Understanding Software Bill of Materials and Why They Are Crucial for Cybersecurity | ADCG on Privacy & Cybersecurity

In this episode of ADCG’s Privacy and Cybersecurity Podcast, Jody Westby interviews Jean Camp, Director of the Center for Security and Privacy in Informatics, Computing, and Engineering and Professor of Informatics at University of Indiana. Prof. Camp is a renowned thought leader in privacy and cybersecurity and has conducted meaningful research on issues related to SBOMs and how they could be more effective. In this podcast, we explore the role of SBOMs in cybersecurity, what limits their effectiveness, and the Federal Government's role in advancing the use of SBOMs, developing tools to ease the use of SBOMs, and international efforts to create a harmonized approach to the development and use of SBOMs. Links to some of Prof. Camp’s work in this area are available on the ADCG website.


Xeol is a scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs (Software Bill of Materials).

https://github.com/xeol-io/xeol

#Xeol #Scanner #EndOfLife #EOL #ContainerImages #Filesystems #SBOM #SoftwareBillOfMaterials #DevOps #Cybersecurity

GitHub - xeol-io/xeol: A scanner for end-of-life (EOL) software and dependencies in container images, filesystems, and SBOMs

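The kind of check a scanner like Xeol performs, shown as an added example (my own code, not Xeol's): parse the components of a CycloneDX JSON SBOM via their package URLs, map each version onto a release cycle, and compare that cycle's end-of-life date against a reference date. The SBOM document and the EOL table are constructed for the example; the dates are illustrative assumptions, and a real scanner would pull them from a maintained feed.

```python
"""Minimal end-of-life (EOL) check over a CycloneDX JSON SBOM.

Added example, not Xeol's code. The SBOM below and the EOL table are
constructed for illustration; EOL dates are assumptions, not authoritative.
"""
import json
from datetime import date
from typing import Optional

# Constructed CycloneDX 1.5 SBOM fragment (not taken from a real image).
SBOM_JSON = r'''
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "python", "version": "3.7.17",
     "purl": "pkg:generic/python@3.7.17"},
    {"type": "operating-system", "name": "debian", "version": "11",
     "purl": "pkg:deb/debian/debian@11"},
    {"type": "library", "name": "nodejs", "version": "20.11.0",
     "purl": "pkg:generic/nodejs@20.11.0"},
    {"type": "library", "name": "requests", "version": "2.31.0",
     "purl": "pkg:pypi/requests@2.31.0"}
  ]
}
'''

# Constructed EOL table: product -> [(release-cycle prefix, EOL date), ...].
# Assumed values for the example; a scanner would load these from a feed.
EOL_TABLE = {
    "python": [("3.7", date(2023, 6, 27)), ("3.8", date(2024, 10, 7))],
    "debian": [("11", date(2026, 8, 31))],
    "nodejs": [("20", date(2026, 4, 30))],
}


def parse_purl(purl: str) -> dict:
    """Split a package URL into type, namespace, name and version.

    Accepts pkg:type/namespace/name@version?qualifiers#subpath and drops
    the qualifiers and subpath, which do not matter for an EOL lookup.
    """
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    body = purl[len("pkg:"):].split("#", 1)[0].split("?", 1)[0]
    ptype, _, rest = body.partition("/")
    # The version is the '@' after the last '/', so a scoped namespace
    # such as %40scope is not mistaken for a version separator.
    slash = rest.rfind("/")
    at = rest.find("@", slash + 1)
    version: Optional[str] = None
    if at != -1:
        version, rest = rest[at + 1:], rest[:at]
    parts = rest.split("/")
    return {"type": ptype, "namespace": "/".join(parts[:-1]) or None,
            "name": parts[-1], "version": version}


def release_cycle(product: str, version: str, table=EOL_TABLE):
    """Return the (cycle, eol) entry whose prefix best matches the version."""
    best = None
    for cycle, eol in table.get(product, []):
        if version == cycle or version.startswith(cycle + "."):
            if best is None or len(cycle) > len(best[0]):
                best = (cycle, eol)
    return best


def scan_sbom(sbom_text: str, today: date, table=EOL_TABLE) -> list:
    """Classify every component as eol, supported or unknown as of `today`."""
    findings = []
    for comp in json.loads(sbom_text).get("components", []):
        name, version = comp.get("name"), comp.get("version")
        if comp.get("purl"):
            p = parse_purl(comp["purl"])
            name, version = p["name"], p["version"] or version
        match = release_cycle(name, version or "", table)
        if match is None:
            cycle, eol, status = None, None, "unknown"
        else:
            cycle, eol = match
            status = "eol" if eol < today else "supported"
        findings.append({"name": name, "version": version,
                         "cycle": cycle, "eol": eol, "status": status})
    return findings


if __name__ == "__main__":
    for f in scan_sbom(SBOM_JSON, date.today()):
        print(f"{f['status']:<9} {f['name']}@{f['version']} "
              f"cycle={f['cycle']} eol={f['eol']}")
```

The reference date is an explicit parameter rather than `date.today()` inside the scan, so a run is reproducible and an "unknown" result is reported separately from "supported": a component missing from the EOL data is a coverage gap in the data, not evidence that the component is maintained.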

Secure your #containers with tutelage from @Jonzeolla from #Seiso at @codeandsupply on Tuesday, November 28. In this lab, you'll get hands-on with containers, learn how to examine them for common mistakes, and then add in some #security controls like container image signing, create a #SoftwareBillofMaterials #SBOM and run #vulnerability scans.

It costs $50 and includes dinner.

RSVP here: https://www.meetup.com/pittsburgh-code-supply/events/297107969/

Container Security 101 Workshop, Tue, Nov 28, 2023, 4:00 PM | Meetup

Is your company adopting containers but you haven’t had a chance to figure out the best way to secure them yet? In this lab, we get hands-on with containers, learn how to e

CISA SBOM standards efforts stymied by confusion, inertia

Efforts to establish SBOM standards and guidance have progressed, but unanswered questions persist -- including how the federal government plans to enforce its own requirements.

TechTarget

Here we go again! This time we have a couple of interesting papers on blockchain-related vulnerabilities, an attack against a lightweight stream cipher, an attack against key-value stores, a little something about how hard SBOM¹ can be and a couple of hardware security papers.

* "An Empirical Study of Impact of Solidity Compiler Updates on Vulnerabilities in Ethereum Smart Contracts"
* "Security Analysis of WG-7 Lightweight Stream Cipher against Cube Attack"
* "Prefix Siphoning: Exploiting LSM-Tree Range Filters For Information Disclosure"
* "How to Bind Anonymous Credentials to Humans"
* "Challenges of Producing Software Bill Of Materials for Java"
* "Security Analysis of the WhatsApp End-to-End Encrypted Backup Protocol"
* "The curious case of the half-half Bitcoin ECDSA nonces"
* "X-ray: Discovering DRAM Internal Structure and Error Characteristics by Issuing Memory Commands"
* "Benchmarking and modeling of analog and digital SRAM in-memory computing architectures"
* "(M)WAIT for It: Bridging the Gap between Microarchitectural and Architectural Side Channels"

#Ethereum #Solidity #WG7 #Cryptography #KeyStore #Privacy #AnonymousCredentials #SBOM #Java #SoftwareBillOfMaterials #WhatsApp #E2E #Bitcoin #ECDSA #DRAM #SRAM #SideChannelAttacks

__
¹ Software Bill Of Materials.

Check out my latest blog post on how (surprisingly) easy it is to scan Windows container images and why I think existing container tools should add support for Windows container images!

https://jamiemagee.co.uk/blog/scanning-windows-container-images-is-surprisingly-easy/

#Containers #WindowsContainers #Windows #Docker #SoftwareBillOfMaterials #SBOM #SoftwareSupplyChain #SupplyChainSecurity

Scanning Windows container images is (surprisingly) easy!

When it comes to Linux containers, there are plenty of tools out there that can scan container images, generate Software Bill of Materials (SBOM), or list vulnerabilities. However, Windows container images are more like the forgotten stepchild in the container ecosystem. And that means we’re forgetting the countless developers using Windows containers, too. I wanted to see what I’d need to make scanning tools for Windows container images. Turns out it’s pretty easy.

I had fun today hacking around on Windows containers and SBOMs. Time to write it all up in a blog post.

#Windows #Containers #WindowsContainers #Docker #SoftwareBillOfMaterials #SBOM #SoftwareSupplyChain #SupplyChainSecurity