Panelists:
  Chris Gates, Velentium
  Mike Powers, Christiana Health
  Sounil Yu, BoA
  Chris Robbins, RedHat
  Bob Martin, DoD
  Josh Corman, PTC
Bill of Materials across the software lifecycle, by role (items in ?...? appear as questions in the original chart):

Roles: N/A / Developers / Custodian
  Monitor NVD
  Monitor News
  ?Coordinated Vulnerability Disclosure?
  ?Secure Coding? ?Security Requirements? ?Security Training?
  Build
  Produce Bill of Materials
  Test
  Release
  POST Bill of Materials

Roles: Architect/Lead / Developers / Owner/PSIRT
  Monitor NVD
  Monitor News
  ?Coordinated Vulnerability Disclosure?
  ?Secure Coding? ?Security Requirements? ?Security Training?
  Produce Bill of Materials
  Build
  Evaluate Direct Dependencies
  Evaluate Inherited Dependencies
  Project Parts M if t
  New Parts Need
  Test
  Release

Roles: Architect/Lead / Developers / PSIRT (regulated product)
  Monitor NVD
  Monitor News
  ?Coordinated Vulnerability Disclosure?
  ?Secure Coding? ?Security Requirements? ?Security Training?
  Produce Bill of Materials
  Build
  Evaluate Direct Dependencies
  Evaluate Inherited Dependencies
  Project Parts M if t
  New Parts Need
  Test
  Regulator Approval
  Notify Regulator
  ?Notify CERTs?

Roles: Procurement / IT/Operations / SoC/NoC/MSSP / Security/Risk / Acquisition
  Monitor NVD
  Monitor News
  Monitor Supplier Alerts
  Evaluate SBoM
  RFP Definition
  Request SBoMs
  Factor Mitigations
  Select/Purchase/MSA Suppliers/Goods
  Seek Least Vulnerable version
  Test
  Go LIVE!
  AM I affected?
  WHERE am I Affected?
  Ts & Cs Boilerplate
  20% off if none
  Prohibited Tech?
  Compare Hygiene
  Leverage SBoM
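The acquirer column ends with the two questions an SBoM exists to answer once an advisory lands: "Am I affected?" and "Where am I affected?", which in turn depends on the producer having evaluated both direct and inherited dependencies. The following is an added example, not code from the talk or from any panelist's organization. It assumes a simplified CycloneDX-style SBoM (bom-ref, components, dependencies) with constructed, hypothetical package names, a constructed advisory list whose shape only loosely resembles NVD entries (the IDs are not real CVEs), and numeric dotted versions only; a production check would use a real version-range library and the real feeds.

```python
"""Answer "Am I affected?" and "Where am I affected?" from an SBoM.

Added example with constructed data: a simplified CycloneDX-style SBoM
(hypothetical product and packages) and a constructed advisory list
(hypothetical IDs, not real CVEs). Versions are assumed to be dotted numerics.
"""
import json
from collections import deque

# Constructed SBoM: one product, two direct dependencies, two inherited ones.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "pkg:generic/acme/patient-portal@3.2.0",
                               "name": "patient-portal", "version": "3.2.0"}},
    "components": [
        {"bom-ref": "pkg:pypi/webframe@2.1.0", "name": "webframe", "version": "2.1.0"},
        {"bom-ref": "pkg:pypi/jsonlib@1.4.2", "name": "jsonlib", "version": "1.4.2"},
        {"bom-ref": "pkg:pypi/logfmt@0.9.0", "name": "logfmt", "version": "0.9.0"},
        {"bom-ref": "pkg:pypi/crypto-utils@5.0.1", "name": "crypto-utils", "version": "5.0.1"},
    ],
    "dependencies": [
        {"ref": "pkg:generic/acme/patient-portal@3.2.0",
         "dependsOn": ["pkg:pypi/webframe@2.1.0", "pkg:pypi/crypto-utils@5.0.1"]},
        {"ref": "pkg:pypi/webframe@2.1.0",
         "dependsOn": ["pkg:pypi/jsonlib@1.4.2", "pkg:pypi/logfmt@0.9.0"]},
        {"ref": "pkg:pypi/jsonlib@1.4.2", "dependsOn": []},
        {"ref": "pkg:pypi/logfmt@0.9.0", "dependsOn": []},
        {"ref": "pkg:pypi/crypto-utils@5.0.1", "dependsOn": []},
    ],
})

# Constructed advisories: "vulnerable_below" is the first fixed version.
ADVISORIES = [
    {"id": "ADV-0001", "package": "jsonlib", "vulnerable_below": "1.5.0"},      # hits an inherited dep
    {"id": "ADV-0002", "package": "crypto-utils", "vulnerable_below": "5.0.0"}, # we already run a fixed version
    {"id": "ADV-0003", "package": "imaging", "vulnerable_below": "2.0.0"},      # not in this SBoM at all
    {"id": "ADV-0004", "package": "webframe", "vulnerable_below": "2.2.0"},     # hits a direct dep
]


def parse_version(v):
    """Dotted numeric versions only (assumption); non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))


def load_sbom(text):
    """Return (root bom-ref, {bom-ref: component}, {bom-ref: [dependsOn refs]})."""
    doc = json.loads(text)
    root = doc["metadata"]["component"]
    comps = {c["bom-ref"]: c for c in doc["components"]}
    comps[root["bom-ref"]] = root
    graph = {d["ref"]: d.get("dependsOn", []) for d in doc["dependencies"]}
    return root["bom-ref"], comps, graph


def dependency_paths(graph, root, target):
    """All paths root -> ... -> target; a path of length 2 is a direct dependency."""
    paths, queue = [], deque([[root]])
    while queue:
        path = queue.popleft()
        node = path[-1]
        if node == target:
            paths.append(path)
            continue
        for child in graph.get(node, []):
            if child not in path:  # ignore cycles in a malformed dependency graph
                queue.append(path + [child])
    return paths


def affected(sbom_text, advisories):
    """WHERE am I affected: one finding per (advisory, component, dependency path)."""
    root, comps, graph = load_sbom(sbom_text)
    findings = []
    for adv in advisories:
        for ref, comp in comps.items():
            if comp["name"] != adv["package"]:
                continue
            if parse_version(comp["version"]) >= parse_version(adv["vulnerable_below"]):
                continue  # installed version is at or past the fix
            for path in dependency_paths(graph, root, ref):
                findings.append({
                    "advisory": adv["id"],
                    "component": ref,
                    "kind": "direct" if len(path) == 2 else "inherited",
                    "path": [comps[n]["name"] for n in path],
                })
    return findings


def am_i_affected(sbom_text, advisories):
    """AM I affected: True if any advisory matches a reachable, unfixed component."""
    return bool(affected(sbom_text, advisories))


if __name__ == "__main__":
    for f in affected(SBOM_JSON, ADVISORIES):
        print(f["advisory"], f["kind"], " -> ".join(f["path"]))
```

The "inherited" finding is the one a plain package-list match would miss: jsonlib is never named in the product's own requirements, only in webframe's, so a consumer who only has a top-level list rather than a dependency graph cannot answer "where". Treating an absent package and an already-fixed version as "not affected" is what turns the feed's noise into a short, actionable list.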