17 Dec 2022
Activities in Japan along with 10 Streams of OSS Security Mobilization Plan - Muuhh Ikeda, Cybertrust
Compared to other industries such as automotive, cloud service providers in Japan that build their systems without outsourcing, including Cybozu, are not very familiar with terms such as Software Bill of Materials (SBOM) and supply chain, because they usually do not need to share the list of software they use with other companies.
In this talk, the speaker will explain why the importance of SBOM Everywhere is still not easy to understand in such a company. The talk will also include a brief discussion of the possibility of SBOMs being used in certification programs, such as ISMAP, and how to prepare for such a future.
- 1 participant
- 14 minutes
17 Dec 2022
Open Source Security and the OpenSSF’s Best Practices WG - David Wheeler, Linux Foundation
Software security is critical today, and that includes open source software (OSS). This talk will discuss some general principles involving software security and OSS, including supply chain security, as well as the Open Source Security Foundation (OpenSSF)'s best practices working group and the steps it is specifically taking to address these challenges.
- 1 participant
- 21 minutes
17 Dec 2022
Protecting Kubernetes Resource Manifests in End-to-end SDLC - Yuji Watanabe, IBM
- 1 participant
- 14 minutes
17 Dec 2022
Sigstore: Using Transparent Digital Signatures to Help Secure the Software Supply Chain - Bob Callaway, Google
- 1 participant
- 20 minutes