Book a Demo
Support
Products
CodeSonar
CodeSentry
Integrations
AI Security
Use Cases
Regulatory Compliance
Functional Safety
Standards Compliance
Software Assurance
Software Security
Software Supply Chain Security
COTS Security
SBOM
DevSecOps
Industries
Automotive and Transportation
Industrial
Medical Device
Aerospace
Government and Defense
Technology Software and ISV
Learn
TalkSecure
News
Videos
White Papers
Product Sheets
Case Studies
Customer Reviews
Products
CodeSonar
CodeSentry
Integrations
AI Security
Use Cases
Regulatory Compliance
Functional Safety
Standards Compliance
Software Assurance
Software Security
Software Supply Chain Security
COTS Security
SBOM
DevSecOps
Industries
Automotive and Transportation
Industrial
Medical Device
Aerospace
Government and Defense
Technology Software and ISV
Learn
TalkSecure
News
Videos
White Papers
Product Sheets
Case Studies
Customer Reviews
Managing the Lifecycle of Your Software Bills of Materials (SBOMs)
Dmitry Raidman’s foray into SBOM management started with a vulnerable baby monitor when he was a new father in 2015. An SBOM – Software Bill of Materials – is like an ingredient list of all the pieces of code that go into an embedded application, he explains.
With hundreds to thousands of SBOMs applied to each software product, he founded Cybeats and built the SBOM Studio. More than just a repository, SBOM studio automates and orchestrates SBOM management and visualization across a large variety of SBOM types to provide lifetime management of SBOM information, and greatly enhance visibility in the software supply chain.
He explains the many types of SBOMs, starting with a design SBOM to understand if you’re bringing reputable sources of code into the application before development starts. He points to the repository SBOM, the build SBOM, the binary SBOM, the runtime SBOM and more. An SBOM repository must handle any type of SBOM, he adds, regardless of competing standards.
“There are different companies generating different SBOMs, but you want a company that really does it well by actually identifying every single component properly,” he explains. “A quality SBOM can provide analytics around the SBOMs to add value for product builders and customers.”
In this show, he also demonstrates how builders and buyers can use SBOM Studio to generate a SBOM from an open-source application using CodeSecure’s CodeSentry binary composition analysis. This is the result of a partnership between CodeSecure and Cybeats announced in October. In the demonstration, the O/S, version, format, license warnings, and other meta data are analyzed against a data lake of known vulnerability and supply chain intelligence data. It is then further narrowed down to actionable vulnerabilities through application of the Known Exploitable Vulnerabilities (KEV) catalog and other information sources to prioritize and analyze “breachability,” as he says.
Share post:
Twitter
LinkedIn