
From SBOM to Trusted Software Supply Chain - How Far Are We?

Offered By: Association for Computing Machinery (ACM) via YouTube

Tags

Software Bill of Materials (SBOM) Courses, Vulnerability Management Courses

Course Description

Overview

Explore the critical aspects of software supply chain security and transparency in this SIGSOFT webinar. Delve into the concept of the Software Bill of Materials (SBOM) and its role in building a trusted software supply chain (TSSC). Examine recent progress in SBOM generation and consumption, vulnerability management, and supply chain attack prevention. Gain insights into the identification of silent vulnerability bug reports and fixes, vulnerability detection, and CVE improvement. Learn about future directions for TSSC and the challenges that persist in the field. Benefit from the expertise of Dr. Xin Xia, director of the software engineering application technology lab at Huawei, as he shares his research on intelligent software engineering, mining software repositories, and empirical software engineering. Engage with moderator Dr. Xing Hu, assistant professor at Zhejiang University, specializing in intelligent software engineering and software supply chain management.

Syllabus

Intro
What is SBOM?
SBOM Ecosystem: Dedicated to Standardizing SBOMs and Building a Data Foundation for a Secure Software Supply Chain
Response to the Vulnerability in Log4j: Continuously Enhance Community Governance Capabilities Centering on Vulnerability Awareness, Locating, and Remediation
Poisoning Attacks Bring Huge Risks to the Software Supply Chain
Challenges in the Trustworthy Software Supply Chain Still Persist
An Overview of Trustworthy Software Supply Chain Solution
Security Vulnerability Disclosure Models
Early Awareness of Security Vulnerabilities is Unavailable
Early Awareness of Critical Vulnerabilities Based on Contrastive Learning
Early Detection Technology for Security Defect Reports (MemVul)
Proactive Vulnerability Discovery by Scanning Similar Vulnerability Features
Correct the Version Information of Software with CVEs
CVE Fixing Patch Identification
Locate Components with CVEs
Package Name Confusion Detection
Community Monitoring and Risk Control Technologies
Early Detection of High-Risk Vulnerabilities
Binary Vulnerability Scanning for Open Source Software
Effective Malicious Code Identification
Next Step: Software Asset Management
Taught by

Association for Computing Machinery (ACM)

Related Courses

Transparency in the Software Supply Chain - Making SBOM a Reality
Black Hat via YouTube
SBOM is Here - Making Progress - Not Excuses
BSidesLV via YouTube
How Software Transparency Can Help Save the World
Security BSides San Francisco via YouTube
DBOM and SBOM - New Options for Better Supply Chain Cybersecurity
RSA Conference via YouTube
SBOM - Screw It, We'll Do It Live!
0xdade via YouTube