From SBOMs to F-Bombs: Vulnerability Analysis, SCA Tools, and False Positives and Negatives
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the complexities of vulnerability management in third-party software through this 46-minute OWASP Foundation conference talk. Delve into the world of Software Composition Analysis (SCA) tools and Software Bill of Materials (SBOMs), examining their effectiveness in addressing security concerns like Log4Shell and supply chain attacks. Gain insights from the perspective of a FOSS security library provider on the challenges and potential improvements in the vulnerability management process. Learn how AppSec engineers and developers can streamline and enhance their approach to identifying and mitigating security risks in third-party dependencies. Benefit from the speaker's extensive experience in application security, applied cryptography, and web AppSec as you navigate the intricate landscape of false positives and negatives in vulnerability analysis.
Syllabus
From SBOMs to F-Bombs: Vulnerability Analysis, SCA Tools, and False Positives & Negatives
Taught by
OWASP Foundation
Related Courses
Log4j Vulnerability: What You Should Know (Pluralsight)
Mitigating Log4Shell and Similar Vulnerabilities Using Cloud Services (ChariotSolutions via YouTube)
Log4Shell Vulnerability - Bugcrowd Security Flash (Bugcrowd via YouTube)
Log4Shell - The Worst Java Vulnerability in Years (Bugcrowd via YouTube)
Keep Your Dependencies in Check (Devoxx via YouTube)