Loading…
Back To Schedule
Thursday, February 2 • 11:00am - 11:35am
SBOMs, VEX, and Kubernetes - Kiran Kamity, Deepfactor; Jonathan Meadows , Citi; Dr. Allan Friedman, Cybersecurity and Infrastructure Security Agency; Andrew Martin, Control Plane; Rose Judge, VMware

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
Feedback form is now closed.
Software supply chain security is rapidly becoming critical to overall security. Softwarew Bill of Materials (SBOMs) formats are standardizing around CycloneDX, SPDX, etc. VEX (vulnerability exploitability exchange) is emerging as a standardized companion to SBOMs to help determine whether a vulnerability is exploitable. For Kubernetes app developers, how do we address the supply chain problem? This panel discusses the practical and operational aspects of gathering, using, and handling SBOMs for containers: both running on Kubernetes and the underlying images that comprise Kubernetes itself. We will cover use cases from open source projects, through vendors and cloud providers, to the use of SBOMs in highly regulated environments including financial services and critical national infrastructure. Panelists include experts and practitioners with deep expertise in SBOMs, VEX, supply chain security, and cloud native application security.
Speakers
avatar for Allan Friedman

Allan Friedman

Senior Advisor and Strategist, CISA
Dr. Allan Friedman is Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency. He coordinates the global cross-sector community efforts around SBOM and related initiatives. Prior to joining government, Friedman spent over a decade as a noted infosec and... Read More →
avatar for Kiran Kamity

Kiran Kamity

Founder & CEO, Deepfactor
Kiran Kamity is the Founder & CEO of Deepfactor. He is a passionate serial Silicon Valley entrepreneur. Prior to Deepfactor, Kiran was the Head of product at Cisco Cloud BU, Founder/CEO at ContainerX (acquired by Cisco), and the Founder/VP at RingCube (acquired by Citrix). Kiran is... Read More →
avatar for Jonathan Meadows

Jonathan Meadows

Managing Director, Cyber Security, Citi
tbc
avatar for Andrew Martin

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience... Read More →
avatar for Rose Judge

Rose Judge

Senior Open Source Engineer, VMware
Rose Judge is a Senior Open Source Engineer at VMware where she co-maintains Tern, an open source container inspection tool that generates container SBOMs. Additionally, she is a member of the SPDX Steering Committee and chair of the Linux Foundation’s Automating Compliance Tooling... Read More →

SBOM VEX Kubernetes CloudNativeSecurityCon 2023 ppt pdf
Thursday February 2, 2023 11:00am - 11:35am PST
Room 606/607
  Supply Chains
  • Content Experience Level Any