Sharing some highlights and notes from CISA’s SBOM-a-rama I virtually attended. Talks categorized into 3 - Governments & Industry, CISA Working Groups, and Discussion

Previously I said threat modelling was a big theme at the conference, but I think embracing failure would be another. Lots of presenters shared their failures and how they learned from them and grew their programs from those lessons learned. This is something I’ve really got behind recently. Another thought I had when people presented especially around solutions was what’s the role of the product/application security team?

This week I attended OWASP Global AppSec Dublin 2023 and it was good to be back at an OWASP event and connect with some familiar faces but also great to see new faces too. I think the overall attendance was around 500, and it was well-run - we were well-fed and watered! It was also great to see all four keynotes delivered by women. However, I’m still not sure about the rebrand (Open Worldwide Application Security Project). I get you got to keep the wasp though…

Moving from Ubuntu to macOS meant losing native support for Docker but luckily Multipass came to the rescue to give a native like experience.

Last week I attended the Linux Foundation’s Open Source Summit Europe here in my hometown of Dublin where I mainly camped out at the SupplyChainSecurityCon event. The talks focused on SBOMs, SLSA, VEX, provenance, attestation and signing. He’s what I picked up at the event over the 4 days.