SBOMs suck, long live SBOM’s
Take a walk down SBOM lane with me. Let’s look at how SBOMs are built, why they are largely meaningless, and what we can do to make them a whole lot more useful. Cut through the vendor hype and spend money better. This talk examines the reality of the SBOM ecosystem to give attendees an understanding of what a good SBOM looks like and why they probably aren’t getting one. An in-depth examination of what a good SBOM looks like will be performed and compared against what we are currently seeing from “unnamed” vendors.
Ben Gittins
Ben is a Principal Security Engineer at Bugcrowd. He has an extensive background in security and tech more broadly, with over 10 years of experience in various positions across companies from startup to enterprise. He has not only been at the forefront of Supply Chain Security but is also responsible for developing and designing tooling specifically focussing on Software Supply Chain security in both a commercial and open source capacity. He has an extensive academic and professional background, with a master’s and several other degrees, as well as extensive professional certifications. A hacker by day (and night), Ben spends his time securing the software we all use on a daily basis by building a secure platform for the number 1 crowdsourced security platform. In his spare time he works with the ACS and the Australian Women in Security network to help develop the next generation of hackers.