Home | _scurity
Sharing some highlights and notes from CISA’s SBOM-a-rama, which I
virtually attended. The talks are grouped into three categories: Governments & Industry, CISA Working Groups, and Discussion.
Previously I said threat modelling was a big theme at
the conference, but I think embracing failure would be another. Lots of presenters shared their failures and how they
learned from them and grew their programs from those lessons learned. This is something I’ve really got behind recently.
Another thought I had, especially when people presented solutions, was: what’s the role of the product/application
security team?
This week I attended OWASP Global AppSec Dublin 2023 and it was good to be
back at an OWASP event and connect with some familiar faces but also great to see new faces too. I think the overall
attendance was around 500, and it was well-run - we were well-fed and watered! It was also great to see all
four keynotes delivered by women. However, I’m still not sure about the rebrand (Open Worldwide Application Security
Project). I get that you’ve got to keep the wasp, though…
Moving from Ubuntu to macOS meant losing native support for Docker, but luckily Multipass
came to the rescue to give a native-like experience.
Last week I attended the Linux
Foundation’s Open Source Summit Europe here in my
hometown of Dublin where I mainly camped out at
the SupplyChainSecurityCon
event. The talks focused on SBOMs, SLSA, VEX, provenance, attestation and signing. Here’s what I picked up at the event
over the 4 days.