SBOM - Tanium Tech Talks #58
What is the software supply chain and why should I care? What open source vulnerabilities are hiding in my environment? How can I find them? Find out on today's #Tanium Tech Talk.
Governments are now getting involved in the software supply chain risk and requiring vendors to publish an #SBOM (software bill of materials) to list the components within their software (like a list of ingredients on a package of cookies).
Using Tanium's new SBOM visibility customers have told us they found things they never knew they had and that this solution solves for the sleepless nights during investigations like #log4j #springbeans #struts #opensslv3.
#Windows #MacOS #Linux #cpe #opensource
#informationsecurity #cybersecurity #informationtechnology
01:06 Meet Roland
01:40 What is SBOM? Why care?
03:26 Government orders on SBOM
04:07 Build time vs Run time
05:18 Open-source components
06:33 Java file types
08:19 DEMO Asset Profiles
11:12 Planning the scan
12:59 DEMO SBOM Reports
13:30 What is a CPE string?
15:00 DEMO SBOM Report Filtering
15:44 DEMO File path & hash
17:07 DEMO Live investigation in Interact
19:13 What's next? Vulnerability mapping
22:22 Customer feedback
24:10 Software supply chain
26:03 How do I get it?
26:54 Wrap up