Name: Mastering SBOMs: How to Thrive After EO 14028
Start: 2023-05-17T17:00:00Z
End: 2023-05-17T17:00:29.000Z
Location: BrightTALK
Rating: 4.8

Sonatype is the software supply chain management company. We empower developers and security professionals with intelligent tools to innovate more securely at scale. Our platform addresses every element of an organization’s entire software development life cycle, including third-party open source code, first-party source code, infrastructure as code, and containerized code. Sonatype identifies critical security vulnerabilities and code quality issues and reports results directly to developers when they can most effectively fix them. This helps organizations develop consistently high-quality, secure software which fully meets their business needs and those of their end-customers and partners. More than 2,000 organizations, including 70% of the Fortune 100, and 15 million software developers already rely on our tools and guidance to help them deliver and maintain exceptional and secure software.

Generating a Software Bill of Materials (SBOM) is often seen as a compliance checkbox—but what comes next? To truly secure the software supply chain, organizations need to go beyond static documentation and turn their SBOMs into actionable insights. When integrated into a Software Composition Analysis (SCA) strategy, SBOMs become a powerful tool for continuous risk management, proactive security, and regulatory compliance.

From Checklist to Action – How SBOMs Drive a Stronger SCA Strategy

With tightening global regulations, including U.S. CISA attestation requirements and the EU Cyber Resilience Act, SBOMs are essential for compliance and security. 

Learn how Sonatype, AWS, and Fortify by OpenText™ continue to advance software security and manage SBOMs effectively in regulated industries.

The Power of SBOMs: Regulations Looming

As Rust gains traction in enterprise environments, ensuring security and scalability becomes paramount. In our final episode in this three part Rust series our expert panel brings together leading voices in software development to discuss how enterprises can define and build a secure Rust ecosystem. 

From unpacking the importance of memory safety to managing unsafe code and vetting open-source dependencies, our speakers will share actionable insights and real-world experiences. We'll also explore how Sonatype's latest Rust support capabilities address these challenges. 

Don’t miss this engaging discussion on how enterprises can confidently harness Rust’s potential while maintaining rigorous security and operational standards.

Rust in the Enterprise: Best Practices and Security Considerations

We look into Rust's rise that has sparked a vibrant ecosystem, but navigating its landscape requires thoughtful exploration. In this panel discussion, industry-leading experts will dive into the heart of Rust's crates ecosystem, sharing strategies for identifying high-quality libraries amidst a sea of options. 

We'll discuss the learning curve developers face and how they can quickly become productive while adopting best practices from the outset. Our panel will also examine the role of organizations like Sonatype in fostering Rust's growth and maturity. 

Join us as we discuss how Rust is shaping the future of software development and what lies ahead for this transformative language.

Rust Rising: The Journey and Current Landscape

Rust has rapidly evolved from a niche language to a powerful tool embraced by millions of developers worldwide. With its user base growing to an impressive 4 million, Rust addresses critical challenges in software development, offering memory safety and concurrency without sacrificing performance. 

This panel discussion explores Rust's journey, its current adoption phase, and the major industry players supporting its growth. We will also tackle the perception of Rust as a niche language and discuss the future challenges it faces. 

In this webinar to understand why Rust is gaining traction and how it is reshaping the development landscape.

The State of Rust Adoption

The SBOM Manager automation tools and continuous integration systems ensure that security checks are consistent and comprehensive, reducing the risk of human error and ensuring timely responses to vulnerabilities.

Learn how SBOM Manager: 

- Continuously monitors and regularly scans the SBOMs for new vulnerabilities.
- Keeps the SBOMs up-to-date with the latest vulnerability data. 
- Alerts and notifies users about new vulnerabilities or significant changes in the vulnerability status of components

How to Continuously Monitor SBOMs

The SBOM Manager distribution function allows organizations to share SBOMs with external parties, such as customers, regulators, and partners. This ensures transparency and compliance with regulatory requirements.

Learn how SBOM Manager: 
- Provides SBOMs annotations, enhancing the value of the SBOM for external stakeholders
- Uses secure methods to share SBOMs, ensuring that the data is protected during transit
- Verifies that the SBOMs meet all regulatory requirements before sharing
- Plug sharing workflow

How to Share SBOMs

Understand the essential duo of SCA and SBOM management and why you need both. 

Learn about:

- The role of SCA vs. SBOMs
- The combination of both SCA and SBOM management in a software development lifecycle
- How to integrate SBOM management into your SCA tools

Why You Need Both SCA and SBOM Management

Learn what the first steps are in managing your SBOMs like a pro. In this inaugural session, you’ll learn the basics of SBOM Management. 

In this session, we'll cover: 

- SBOM Standards & background
- Planning for Scale
- Prioritizing Automation
- Integrating into Existing Infrastructure
- Setting up for Continuous Improvement
- Auditing SBOMs and Sharing them Easily

How to Manage SBOMs

De nombreuses entreprises pensent qu'elles peuvent éliminer les attaques malveillantes en attendant d'analyser les logiciels avant qu'ils n'entrent en production, alors que dans de nombreux cas, il est trop tard.

Rejoignez Hervé Boutemy, Sonatype et Pierre Cheval, OpenText Fortify sur la façon dont Sonatype Repository Firewall empêche les risques open source connus et inconnus d'entrer dans votre chaîne d'approvisionnement.

Cette session abordera les sujets suivants:

Comment votre entreprise peut améliorer la sécurité sans impacter la productivité des développeurs
Comment Repository Firewall peut protéger votre chaîne d'approvisionnement en logiciels et s'intégrer à votre ensemble d'outils existants.

Démo en direct de Repository Firewall de Sonatype

Rejoignez Hervé Boutemy pour découvrir comment notre NOUVELLE solution SBOM Manager simplifie l'ingestion, la gestion, le contrôle et la conformité.

La session couvrira:

Comment SBOM Manager peut rationaliser et automatiser l'audit, la distribution et le contrôle des SBOM à grande échelle, en garantissant la conformité avec les dernières réglementations.

Démo en direct de Sonatype SBOM Manager

Is your organisation prepared for the Cyber Resilience Act? 

Join experts from Schneider Electric and Sonatype as they break down the key components of the Cyber Resilience Act, its implications for businesses, and effective strategies for compliance. 

Gain the insights you need to ensure your organisation meets these new regulatory standards.

Preparing for the Cyber Resilience Act: Insights with Schneider Electric

Rejoignez Hervé Boutemy pour découvrir les fonctionnalités et les avantages de Sonatype Lifecycle, et montrer comment il peut transformer votre approche du développement et de la sécurité des logiciels.

La session couvrira les points suivants
Adapter le cycle de vie de Nexus au profil de risque de votre organisation
L'autonomisation des développeurs dans leurs outils natifs - i.e. déplacer la sécurité à gauche

Démo en direct sur Sonatype Lifecycle

Is your organisation prepared for the Digital Operational Resilience Act (DORA)? 

Join SurePay and Sonatype as we take a deep dive into understanding and achieving DORA compliance. This session will cover the key aspects of DORA, its impact on the financial sector, and practical steps to ensure your organisation meets the new regulatory requirements.

In this session you will:

- Gain a clear understanding of the Digital Operational Resilience Act, its objectives, and key requirements.
- How DORA will impact financial institutions and their third-party ICT service providers.
- Discover best practices and actionable steps to prepare for and achieve DORA compliance.

Understanding DORA Compliance: Insights from SurePay and Sonatype

Is your organisation ready for the NIS2 Directive?

Join Ilkka Turunen, Field CTO at Sonatype, and Helen Oakley, Director of Secure Software Supply Chains & Secure Development from SAP who will guide you through the essentials of NIS2 compliance. 

This session you will:

- Gain a clear understanding of the NIS2 Directive, its scope, and key requirements
- Explore how NIS2 will affect your organisation and the broader software industry
- Discover best practices from SAP’s experience
- Takeaway actionable steps to prepare for and achieve NIS2 compliance

NIS2 Compliance Demystified: Insights with SAP and Sonatype

This session will feature a comprehensive panel discussion on the latest regulatory changes and their implications for organisations. 

Jen Ellis, co-host of the Distilling Cyber Policy podcast, will guide the discussion with Alex Botting, EU Engagement Officer at the Center for Cybersecurity Policy and Law and Ilkka Turunen, Field CTO at Sonatype. 

Our expert panel will delve into key regulations such as NIS2, DORA, and the Cyber Resilience Act, providing valuable insights and practical advice.

Exploring the Future of Software Compliance

In this webinar, you will learn how you can enable the transformative concept of shifting security left, create an early warning system of open source risks in your CI/CD pipelines while instilling confidence in the integrity of your digital assets, and propelling your innovation priorities. 

As digital transformation continues its relentless march, software development has emerged as a crucial driver of innovation and differentiation. However, blind spots in the software supply chain, and the inability to spot them and mitigate subsequent threats can compromise your organization's integrity and even pose an existential threat. When the constant pressure of new product releases while ensuring quality and security is added to the mix, it can quickly become a slippery slope for devs and security teams. 

Sonatype Lifecycle provides a robust platform to empower your teams, offering a modern approach to software development - from identifying and mitigating open-source vulnerabilities to enforcing policy compliance at every stage of development - at enterprise scale and DevOps speed.

Sonatype Lifecycle 101: Balance software supply chain security & DevOps agility

We’re excited to invite you to an exclusive webinar featuring a live demo of our NEW SBOM Manager!  Watch the recording to see how SBOM Manager simplifies ingestion, management, monitoring, and compliance.

Learn how SBOM Manager can streamline and automate your auditing, distribution, and monitoring of SBOMs at scale, ensuring compliance with the latest regulations.

DEMO:  Experience SBOM Manager

It’s no secret that software supply chain attacks have reached new heights. The Biden Administration’s Executive Order 14028 emphasizes the need for more secure development processes and requires a software bill of materials (SBOM) for all applications. Change is coming, but with proper preparation, your organization's only significant changes will be more security and more productivity.

Join Sonatype’s Brian Fox and Red Hat’s Michelle Davis as they provide pressing information on what Executive Order 14028 might mean for your organization, including: 
- What is an SBOM? And why are they so important for application security? 
- How SBOMs help identify and mitigate potential security vulnerabilities
- Different ways to effectively implement SBOMs in your organization

Mastering SBOMs: How to Thrive After EO 14028

SBOM

Software Supply Chain

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Join thousands of engaged IT professionals in the application management community on BrightTALK. Interact with your peers in relevant webinars and videos on the latest trends and best practices for application lifecycle management, application performance management and application development.

Application Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Mastering SBOMs: How to Thrive After EO 14028

Presented by

About this talk

More from this channel