At the Forrester Security & Risk Forum, ReversingLabs Field CISO Matt Rose talks about what an SBOM provides — and how it can be put to good use. Here's a preview.
The Forrester Security & Risk Forum is taking place this week in Washington D.C. with a full agenda, tackling a range of issues, from the cyber implications of geopolitical disruptions to the privacy and security implications of the Metaverse.
One of the big topics of conversation this year is, of course, software supply chain risks. ReversingLabs Field CISO Matthew Rose is on hand to present a talk on "Going Beyond the SBOM."
SBOMs are a hot topic right now — but also one surrounded by a lot of uncertainty. The question many organizations are wrestling with is less about whether they need an SBOM, and more about what they can do with an SBOM.
[ Get a free SBOM and supply chain risk analysis report ]
Rose outlines in his talk what type of information an SBOM provides, and how that information can be used. He also discusses how "checkbox" SBOM compliance, where SBOMs are done without any real purpose, isn't enough to protect you from software supply chain risks.
Keep learning
- Gartner is redefining software supply chain security, and calling on enterprises to make some big changes. Get the new Gartner Leader's Guide — and learn more in our Special Report.
- Learn about complex binary analysis and why it is critical to software supply chain security in our Special Report. Plus: Take a deep dive with RL's white paper.
- Commercial software risk is under-addressed. Get key insights with our Special Report, download the related white paper — and see our related Webinar for more insights.
- Understand key trends and get expert insights with our special report package: The State of Supply Chain Security (SSCS) 2024. Plus: Download the full State of SSCS report.
- Read about why you need to upgrade your AppSec tools for the SSCS era. Plus: Download and share our Definitive Guide to SSCS.
Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.