Thursday, February 2 • 11:00am - 11:35am
SBOMs, VEX, and Kubernetes - Kiran Kamity, Deepfactor; Jonathan Meadows, Citi; Dr. Allan Friedman, Cybersecurity and Infrastructure Security Agency; Andrew Martin, Control Plane; Rose Judge, VMware

Software supply chain security is rapidly becoming critical to overall security. Software Bill of Materials (SBOM) formats are standardizing around CycloneDX, SPDX, etc. VEX (Vulnerability Exploitability eXchange) is emerging as a standardized companion to SBOMs to help determine whether a vulnerability is exploitable. For Kubernetes app developers, how do we address the supply chain problem? This panel discusses the practical and operational aspects of gathering, using, and handling SBOMs for containers: both running on Kubernetes and the underlying images that comprise Kubernetes itself. We will cover use cases from open source projects, through vendors and cloud providers, to the use of SBOMs in highly regulated environments including financial services and critical national infrastructure. Panelists include experts and practitioners with deep expertise in SBOMs, VEX, supply chain security, and cloud native application security.

Allan Friedman, PhD

Senior Advisor and Strategist, Department of Homeland Security
Dr. Allan Friedman is Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency. He coordinates the global cross-sector community efforts around software bill of materials (SBOM) and related vulnerability initiatives and works to advance their adoption...

Kiran Kamity

Founder & CEO, Deepfactor
Kiran Kamity is the Founder & CEO of Deepfactor. He is a passionate serial Silicon Valley entrepreneur. Prior to Deepfactor, Kiran was the Head of product at Cisco Cloud BU, Founder/CEO at ContainerX (acquired by Cisco), and the Founder/VP at RingCube (acquired by Citrix). Kiran is...

Jonathan Meadows

MD - Cyber Security and Tech Fellow, CITI
Jonathan (Jon) Meadows is the Managing Director of Cyber Security at Citigroup, a role to which he was named in December 2019. He joined Citigroup from JPMorgan Chase, where he most recently served as Executive Director and Head of Security Engineering, Corporate and Investment Banking...

Andrew Martin

CEO, ControlPlane
Andrew has an incisive security engineering ethos gained building and destroying high-traffic web applications. Proficient in systems development, testing, and operations, he is at his happiest profiling and securing every tier of a cloud native system, and has battle-hardened experience...

Rose Judge

Senior Open Source Engineer, VMware
Rose Judge is a Senior Open Source Engineer at VMware where she co-maintains Tern, an open source container inspection tool that generates container SBOMs. Additionally, she is a member of the SPDX Steering Committee and chair of the Linux Foundation’s Automating Compliance Tooling...

Thursday February 2, 2023 11:00am - 11:35am PST
Room 606/607
  Supply Chains
  • Content Experience Level Any