February 1-2, 2023 | Seattle, WA

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for CloudNativeSecurityCon North America 2023 to participate in these sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

Wednesday, February 1 • 1:55pm - 2:00pm
⚡ Lightning Talk: Software Dark Matter is the Enemy of Software Transparency - Santiago Torres-Arias, Purdue University

Software transparency has become the north star for many interested in software supply chain security. For instance, advocates of software bills of materials (SBOMs) believe that SBOMs provide the data layer that will allow software producers and consumers to achieve software transparency.

But there's an unrecognized impediment to achieving software transparency and to creating accurate and complete SBOMs: software dark matter. Software dark matter consists of files that are not registered by a package manager and are therefore effectively invisible to many software composition analysis tools and vulnerability scanners. This software dark matter reduces the utility of security tools and complicates the quest for software transparency.

To understand the magnitude of the software dark matter problem, this project analyzed 350 popular Docker Hub images, quantifying the software dark matter percentage. The average popular container is approximately 30 percent dark matter. Using an average weighted by the number of files, the typical container is 60 percent dark matter.

The talk finishes with a call to avoid software dark matter in container images.

Santiago Torres-Arias

Assistant Professor of Electrical and Computer Engineering, Purdue University
Santiago is an Assistant Professor at Purdue's Electrical and Computer Engineering Department. His interests include binary analysis, cryptography, distributed systems, and security-oriented software engineering. His current research focuses on securing the software development lifecycle...

Wednesday February 1, 2023 1:55pm - 2:00pm PST
Room 602/603