Patrick Dwyer
[OWASP]
Patrick is the software development lead for a Government organisation and a member of the CycloneDX Software Bill of Materials Core Working Group.

He also participates in multiple software component transparency working groups.

Vegemite. Is it the solution to software supply chain risk?

Why do we know more about what's inside Vegemite than our critical infrastructure?

This talk will cover the problem of software supply chain risk as it applies to software applications and to embedded devices such as medical devices and industrial control systems. It will look at how Vegemite addresses transparency, and how that same transparency can be applied to software and embedded devices.

A software bill of materials, essentially a list of ingredients, enables organisations to perform automated software supply chain risk analysis suited to their own environment, much as everyday consumers with a food allergy or intolerance make risk-based decisions about the food they purchase and consume. It also lets an organisation quickly answer the questions "are we affected?" and "where are we affected?" when the next Ripple20 or ACSC advisory 2020-008, the "copy-paste advisory", drops.
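As an added illustration of the "are we affected, and where?" query, not code from the talk or from the CycloneDX project: the script below walks a set of constructed, CycloneDX-style JSON SBOMs (one per device) and reports every component whose version falls below a constructed advisory's fixed version. The device names, the `example-tcpip` component and the version thresholds are all made up for the example.

```python
import json

# Constructed minimal CycloneDX-style SBOMs (one per fielded device); not real inventories.
SBOM_PUMP = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "metadata": {"component": {"type": "device", "name": "infusion-pump-ctrl", "version": "3.2.0"}},
  "components": [
    {"type": "library", "name": "example-tcpip", "version": "6.0.1.40",
     "purl": "pkg:generic/example-tcpip@6.0.1.40"},
    {"type": "firmware", "name": "radio-module", "version": "2.1",
     "components": [
       {"type": "library", "name": "zlib", "version": "1.2.11", "purl": "pkg:generic/zlib@1.2.11"}
     ]}
  ]
}"""
SBOM_PLC = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "metadata": {"component": {"type": "device", "name": "plc-gateway", "version": "1.0"}},
  "components": [
    {"type": "library", "name": "example-tcpip", "version": "6.0.1.70",
     "purl": "pkg:generic/example-tcpip@6.0.1.70"}
  ]
}"""

# Constructed advisory: affected component name and the first version that is NOT affected.
ADVISORY = {"name": "example-tcpip", "fixed_in": "6.0.1.66"}

def parse_version(v):
    """Dotted version string -> tuple of ints so that 6.0.1.40 < 6.0.1.66 compares correctly."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def walk_components(components):
    """Yield every component, including those nested inside other components."""
    for c in components:
        yield c
        yield from walk_components(c.get("components", []))

def affected_in_sbom(sbom_json, advisory):
    """Return the purls (or name@version) of components below the advisory's fixed version."""
    bom = json.loads(sbom_json)
    fixed = parse_version(advisory["fixed_in"])
    return [c.get("purl", f'{c["name"]}@{c["version"]}')
            for c in walk_components(bom.get("components", []))
            if c.get("name") == advisory["name"]
            and parse_version(c.get("version", "0")) < fixed]

def affected_fleet(sboms, advisory):
    """Map device name -> affected component list; an empty dict answers 'are we affected?' with no."""
    result = {}
    for sbom_json in sboms:
        device = json.loads(sbom_json)["metadata"]["component"]["name"]
        hits = affected_in_sbom(sbom_json, advisory)
        if hits:
            result[device] = hits
    return result
```

Running `affected_fleet([SBOM_PUMP, SBOM_PLC], ADVISORY)` flags only the infusion pump, because the PLC gateway already ships a version at or above the fix.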

International cross-industry efforts to make software component transparency the new norm are already underway, and there are opportunities for Australian organisations to participate and lead the way.
