SBOM - Tanium Tech Talks #58
What is the software supply chain and why should I care? What open source vulnerabilities are hiding in my environment? How can I find them? Find out on today's #Tanium Tech Talk.
Governments are now getting involved in software supply chain risk and are requiring vendors to publish an #SBOM (software bill of materials) listing the components within their software (like the list of ingredients on a package of cookies).
Using Tanium's new SBOM visibility, customers have told us they found components they never knew they had, and that this solution puts an end to the sleepless nights during investigations like #log4j #springbeans #struts #opensslv3.
#Windows #MacOS #Linux #cpe #opensource
#informationsecurity #cybersecurity #informationtechnology
RESOURCES
Community Walk-Through
https://community.tanium.com/s/article/SBOM-v2-Installation-Guide
Docs
https://docs.tanium.com/asset/asset/sbom.html
CHAPTERS
00:00 Intro
01:06 Meet Roland
01:40 What is SBOM? Why care?
03:26 Government orders on SBOM
04:07 Build time vs Run time
05:18 Open-source components
06:33 Java file types
08:19 DEMO Asset Profiles
11:12 Planning the scan
12:59 DEMO SBOM Reports
13:30 What is a CPE string?
15:00 DEMO SBOM Report Filtering
15:44 DEMO File path & hash
17:07 DEMO Live investigation in Interact
19:13 What's next? Vulnerability mapping
22:22 Customer feedback
24:10 Software supply chain
26:03 How do I get it?
26:54 Wrap up