Leveraging Software Bill of Materials Practices for Risk Reduction



A Software Bill of Materials (SBOM) is a comprehensive list of software components involved in the development of a software product. While recently gaining attention in the context of security, SBOMs have limited value unless properly integrated into effective cyber risk management processes and practices. The SEI SBOM Framework compiles a set of leading practices for building an SBOM and using it to support risk reduction.

 

The SEI SBOM Framework provides a roadmap for managing vulnerabilities and risks in third-party software, including commercial-off-the-shelf (COTS) software, government-off-the-shelf (GOTS) software, and open-source software (OSS). A set of use cases informed the identification of SBOM practices, including building an SBOM and using it to manage risks to software intensive systems. These foundational practices were augmented using key security management concepts, such as the need to address requirements, planning and preparation, infrastructure, and organizational support. In this webcast, Charles Wallen, Dr. Carol Woody, and Michael Bandor discuss how organizations can connect SBOMs to acquisition and development to support improved system and software assurance.

 

Attendees will learn how to:

  • Leverage acquisition and engineering leading practices to inform SBOM program design
  • Use SBOM methods for managing system risk
  • Establish and manage an effective SBOM program

Speaker and Presenter Information

Charles M. Wallen has been a thought leader in operations and risk management for over 25 years. He has provided consulting to public and private organizations, led industry-wide risk initiatives, and managed global operations risk management and governance programs for financial services organizations. Today, Charles works with Carnegie Mellon University Software Engineering Institute’s CERT Division on initiatives to strengthen the resilience of critical infrastructure, to improve software assurance, and to enhance/refine techniques for managing supply chain risk.

 

Dr. Carol Woody has been a senior member of the technical staff at the Software Engineering Institute since 2001. Currently she is the technical manager of the CERT Cybersecurity Engineering team which addresses security and survivability throughout the development and acquisition lifecycles, especially early in design and engineering. Her research focus on building capabilities for measuring, managing, and sustaining cybersecurity for highly complex networked systems and systems of systems. Woody holds a B.S. in mathematics from the College of William & Mary, an M.B.A. from Wake Forest University with distinction, and a Ph.D. in information systems from NOVA Southeastern University.

Relevant Government Agencies

DOD & Military, Federal Government


    Event Type
    Webcast


    This event has no exhibitor/sponsor opportunities


    When
    Wed, Sep 6, 2023, 1:30pm - 2:30pm ET


    Cost
    Complimentary:    $ 0.00


    Website
    Click here to visit event website


    Organizer
    CMU - SEI


    Contact Event Organizer



    Return to search results