February 23, 2021 • RBS

Categories: Videos

Steve Springett, Senior Security Architect at ServiceNow, joins Jake Kouns, CEO and CISO at Risk Based Security, to talk about the need for Software Bill of Materials (SBOM), CycloneDX and the Dependency-Track project.

Steve has been at the forefront of helping organizations identify and reduce risk from the use of third-party and open source components. He is an open source advocate and leads the OWASP Dependency-Track project, OWASP Software Component Verification Standard (SCVS) project, CycloneDX software bill-of-material specification, and participates in several related projects and working groups.

Check out this episode of The Right Security for key insights into the strategy and specifics of developing secure software.

Show Notes

0:00 – Welcome and speaker introductions
1:30 – Defining SAST, DAST, IAST, SCA and SBOM
9:17 – The real difference between SBOM and SCA
12:00 – The importance of SBOM
14:41 – NTIA multi-stakeholder process for Software Component Transparency
20:17 – What is CycloneDX
24:37 – How CycloneDX is different
27:06 – What’s new in CycloneDX
30:45 – The PURL standard
34:00 – The relationship between CycloneDX and PURL
35:41 – What is Dependency-Track
38:42 – Dependency-Track and CycloneDX integration
41:31 – Using Dependency-Track over a commercial vendor solution
43:58 – Major updates in Dependency-Track 4.0
47:15 – Closing thoughts

The Right Security

This is the latest in our video series The Right Security, in which we talk with leaders and veterans in the security industry, tackling the biggest issues impacting organizations today.

Check out The Right Security series on YouTube, and subscribe to the Risk Based Security channel to see new episodes in your feed.
