What do we do with a vendor SBOM? 🎶 Here are a few ideas from the Atlantic Council (and me): https://www.atlanticcouncil.org/in-depth-research-reports/issue-brief/the-cases-for-using-sboms/
The cases for using the SBOMs we build

Software bills of materials (SBOMs) provide key data suited for many uses. Industry and government can continue to sharpen their demand signals, shape implementation, and continue driving development and adoption.

Atlantic Council
And many thanks to @allanfriedman and others for their incisive feedback as we were working on this!
@wendynather Sending this out to my team to review. Good stuff here. We hold our vendors accountable. If we find known issues, we have them update their app before we buy.
#infosec #appsec
@wendynather what do we do with a vendor SBOM, earli in the morning!!!!