利用SBOM和VEX确定漏洞的可利用性.pdf

编号:981758 PDF 34页 2.52MB 下载积分:VIP专享
下载报告请您先登录!

1、#BHAS BlackHatEventsDetermining Exploitability of Vulnerabilities with SBOM and VEXAnusha PenumachaSrinija Kammari#BHAS BlackHatEventsCisco ConfidentialSoftware Composition AnalysisSoftware Bill Of MaterialsVulnerability Exploitability eXchange#BHAS BlackHatEventsCisco ConfidentialWhat is SBOM?A Sof

2、tware Bill of Materials(SBOM)is a detailed inventory that lists all open source,custom and third party dependencies used by a software product.Why is it important?By maintaining an accurate SBOM,organizations can gain insight into thecomposition of their software,allowing them to identify and remedi

3、ate vulnerabilitieseffectively.To be compliant with U.S Cybersecurity Executive Order 14028 which highlightsthat every enterprise that develops critical software should be providing a purchasera Software Bill of Materials(SBOM)for each product directly or by publishing it on apublic website#BHAS Bla

4、ckHatEventsCisco ConfidentialOur Open-Source Security Posture 2022#BHAS BlackHatEventsCisco ConfidentialOur Open-Source Security Posture 2022Self Service,developer friendlyShift left mechanism enabled developer ownership Difficult to gather org-wide inventoryNo holistic picture for Product Security#

5、BHAS BlackHatEventsCisco ConfidentialHere are some things we did before building telemetryBuilding Centralized scan platformBuilding Asset InventoryScalable centralized system for performing end-to-end operationsSource of Truth for the product(repositories/artifacts)#BHAS BlackHatEventsCisco Confide

6、ntialStep 1:Build an asset inventory+ownership mapping Executive Order for SBOM came in as an opportunity Emphasized the importance of asset inventory management Started mapping repos/artifacts towards products Need to build internal tooling to maintain this but necessary#BHAS BlackHatEventsCisco Co

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(利用SBOM和VEX确定漏洞的可利用性.pdf)为本站 (竿头日上) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠