"SBOMS and why they can help make your software more secure" - Anthony Harrison With a growing interest (or maybe it is just awareness) in Software Bill of Material (SBOM) raised by various initiatives from governments (US, EU and now the UK with the recently announced consultation on software security and resilience), SBOMs are starting (in certain markets) to form part of the development landscape. As software systems become increasingly complex relying on an extensive (and often unknown) software supply chain, it is essential to have a full understanding of all of the components which are used in a solution. This applies at all stages of the life cycle and an SBOM is considered to be a key artefact in providing the necessary information to support a vulnerability management process. This talk will explain what a SBOM is, how and when they should be produced (and some of the challenges that need to be overcome) and demonstrate how they should form part of a DevSecOPs lifecycle. I will try and supplement the talk with some demonstrations using a number of open source applications. SPEAKER BIO: Anthony Harrison Anthony is an independent systems/software/cyber consultant. Anthony is a member of the OpenSSF SBOM Everywhere working group and SBOM Forum. Anthony has presented on SBOMs at FOSDEM (2002 and 2023), EuroPython 2022 and at PyCascades (Vancouver). In his spare time Anthony teaches Python at Manchester CoderDojo and has acts as a mentor for Google Summer of Code (GSOC) projects supported by the Python Software Foundation ---- This talk was presented at the @OWASPLondon on April 18th, 2024 kindly hosted by ThoughtMachine and sponsored by @CheckmarxOfficial -- Do you want to attend OWASP London meetups in person? Follow OWASPLondon on LinkedIN/Meetup/EventBrite/Facebook/Twitter. Please SUBSCRIBE to this channel so you get notified when new videos are published #OWASP #OWASPLondon #SCA #AppSec ... https://www.youtube.com/watch?v=kAn4yjg3pqY

OWASP London Chapter Meeting 26th-Jan-2017. Talks presented by @DinisCruz: Introducing OWASP Summit 2017 Dinis will talk us through the open source tool he has been building for some time - the tool to perform and visualise the assessments using the OWASP Software Assurance Maturity Model (SAMM) and Building Security in Maturity Model (BSIMM) . Speaker Profiles: Dinis Cruz Dinis Cruz is a renowned application security expert who is passionate about creating Application Security teams and providing Application Security assurance across the Software Development Lifecycle (from development, to operations, to business processes, to board-level decisions). His focus is in the alignment of the business’s risk appetite with the reality created by internally developed applications. He is also an active Developer and Application Security Engineer. A key drive of his is to 'Automate Application Security Knowledge and Workflows' which is the main concept behind the OWASP O2 Platform. Francois Raynaud Francois is the founder of DevSecCon a conference dedicated to DevSecOps, the fusion of Devops and Secops. He is actively involved in security automation projects supporting continuous delivery and currently working as the enterprise security architect for a global retailer preceded by 17 years at ASOS, Betfair, Verizon Business, HSBC and RSA where his consulting engagement spanned across implementing CERT teams, incident response strategy, security architecture design, IT security management and penetration testing. ... https://www.youtube.com/watch?v=n6R_pJh3l0w