The Open Web Application Security Project (OWASP) Los Angeles Chapter has teamed up with the Orange County, Inland Empire, San Diego, and San Francisco Bay Area chapters to bring you another great AppSec California. Join us and your peers for amazing talks and networking on January 22-25, 2019!
Friday, January 25 • 10:45am - 11:35am
BoMs Away - Why Everyone Should Have a BoM

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
The benefits of using third-party and open source components are often negated by the inherent risks that come with them. Systematically reducing risk while allowing the benefits to prevail can be challenging. Organizations often rely on methods of identification that provide instant gratification, but fall short on delivering a simple, coherent strategy for long-term risk identification and remediation. This session will cover current best practices, explore how they will evolve over time, and provide concrete examples attendees can put into practice with minimal effort. Demonstrations will cover the creation of software bill-of-material (S-BoM) documents from a polyglot build environment, using OWASP Dependency-Track to automatically identify outdated and vulnerable components, and how organizations can automate their response to specific types of security events. Advanced topics of discussion will include current and emerging standards as well as government initiatives that may shape the view of the status quo. 

avatar for Steve Springett

Steve Springett

Senior Security Architect, ServiceNow
Steve educates teams on the strategy and specifics of developing secure software.He practices security at every stage of the development lifecycle by leading sessions on threat modeling, secure architecture and design, static/dynamic/component analysis, offensive research, and defensive... Read More →

Friday January 25, 2019 10:45am - 11:35am
Terrace Lounge