CloudNative SecurityCon
Seattle, WA February 1-2
The Deepfactor team will be in Washington to discuss all things cloud native AppSec so please stop by.
Additionally, our CEO, Kiran Kamity, will be moderating a panel Thursday, 2/2 @ 11am entitled “SBOMs, VEX, and Kubernetes.”
Panelists include experts and practitioners with deep expertise in SBOMs, VEX, supply chain security, and cloud native application security:
- Allan Friedman, PhD, Senior Advisor and Strategist, Cybersecurity and Infrastructure Security Agency
- Jonathan Meadows, Managing Director, Cyber Security, Citi
- Andrew Martin, CEO, ControlPlane
- Rose Judge, Senior Open Source Engineer, VMware
Session Abstract:
Software supply chain security is rapidly becoming critical to overall security. Software Bill of Materials (SBOMs) formats are standardizing around CycloneDX, SPDX, etc. VEX (vulnerability exploitability exchange) is emerging as a standardized companion to SBOMs to help determine whether a vulnerability is exploitable. For Kubernetes app developers, how do we address the supply chain problem? This panel discusses the practical and operational aspects of gathering, using, and handling SBOMs for containers: both running on Kubernetes and the underlying images that comprise Kubernetes itself. We will cover use cases from open source projects, through vendors and cloud providers, to the use of SBOMs in highly regulated environments including financial services and critical national infrastructure.
Register: https://events.linuxfoundation.org/cloudnativesecuritycon-north-america/register/