The Multiverse of SBOM Phases
Hasan Yasar
There's no better way to get to know someone than staying awake for 24 hours straight while moderating sessions of the world's biggest virtual DevOps conference, All Day DevOps. It's one of the many times I've gotten to spend time with Hasan Yasar over the years.
We were hunkered down in an office in Tysons Corner, just outside of Washington, DC, broadcasting throughout the day to an audience spanning the world, introducing some of the world's most talented minds before they shared their stories.
Hasan and I met back in 2017 when we were both speaking at DevOps Connect at RSA, and I was floored at the wealth of knowledge he had about DevSecOps. He's done the research, knows the practice, and has the mind of an architect.
Hasan isn't only a speaker in the community, though; he's also an organizer of events such as DevSecOps Days Istanbul, DevSecOps Days Tokyo, and one very memorable panel I was on at an event hosted by the Software Engineering Institute at Carnegie Mellon University. Hasan placed me on a panel beside Brigadier General Greg Touhill in front of an audience of military personnel to discuss DevSecOps.
I will never forget fielding a question with General Touhill from a member of the Air Force. They asked, "How do you fail fast with a ballistic missile?"
"You better have some good simulators."
When Hasan and I caught up again at the RSA conference this year, our conversation turned to the topic of Software Bills of Materials (SBOMs) and how they fit into the SDLC.
... and then Hasan started talking about how we could shift them extremely far left.
Welcome back to daBOM.
Add TACOS to your SBOM Combo Platter
Lauren Hanford
Remember the television show The X-Files? Dana Scully was one of the main characters: a brilliant FBI agent who worked on unsolved cases involving paranormal phenomena. Often skeptical of the supernatural, she was always willing to keep an open mind, and she was also a great role model.
She inspired many women in technology, one of them being Lauren Hanford. Scully's example led Lauren into the fields of criminal justice and chemistry, and then she pivoted into computer science and design. The catalyst was a desire to make doing homework easier.
It’s funny how technology always finds us.
Lauren has been a part of the open source community for years and has a deep understanding of the space.
Recently, she brought the TACOS framework (Trusted Attestation and Compliance for Open Source) to the community to help assess the secure development practices of open source software. It's a perfect companion to a software bill of materials.
... and the name? It's a nod to GUAC and to SLSA.
Welcome back to daBOM.
Episodes
00 Introduction. Episode release: 3/28/2023
01 The CycloneDX SBOM Format. Guest: Steve Springett. Episode release: 4/4/2023
02 Exchanging BOM data with DBOM. Guest: Chris Blask. Episode release: 4/11/2023
03 What's in the box. Guest: Allan Friedman. Episode release: 4/18/2023
04 It's all about Trust... Guest: Shannon Lietz. Episode release: 4/25/2023
05 From the engineering perspective. Guest: Max Huber. Episode release: 5/2/2023
06 What do we do with these things? Guest: Daniel Bardenstein. Episode release: 5/9/2023
07 What's VEX got to do, got to do with it? Guest: Steve Springett. Episode release: 5/16/2023
08 Chris Hughes on Government and Cybersecurity: Where do we stand? Episode release: 5/23/2023
09 Brian Fox and the Creation of Open Source Repos. Episode release: 5/30/2023
10 Ritesh Noronha on Why Quality Matters. Episode release: 6/6/2023
11 Lisa Bradley on Challenges at Scale. Episode release: 6/13/2023
12 Brian Reed on Reverse Engineering Software with SBOM. Episode release: 6/20/2023
13 Dan Walsh on Practical Use from a CISO in Healthcare. Episode release: 6/27/2023
14 Tim Miller on Do You Want Some GUAC with that SLSA? Episode release: 7/4/2023