SBOMs for Evil: From Software Supply Chain Documentation to an Attack Path


Posted on in Presentations

Whether someone is a technical cybersecurity professional, penetration tester, hacker, or nation-state adversary, they should join this session to learn how to incorporate SBOMs into the testing toolbox. The session covers SBOM basics, formats (CycloneDX, SPDX), and real-world use cases, such as compromising IoT devices or software applications through analysis of CVE-linked components listed in an SBOM.

Participants
Larry Pesce

Speaker

Product Security Research and Analysis Director, Finite State

