icon-carat-right menu search cmu-wordmark

Don't Let SBOMs become Yet Another Compliance Activity

Presentation
This session was presented by Lt. Col. Camdon Cady of Platform One, U.S. Air Force at DevSecOps Days Washington D.C. 2024, held on September 18, 2024.
Publisher

Software Engineering Institute

Abstract

Software Bills of Materials, or SBOMs, are a hot topic when it comes to our so-called software supply chains. The promise of SBOMs is huge: know what you're running across all of your infrastructure and assess your exposure to a vulnerability in seconds. But without careful work by the community, we risk SBOMs become just another compliance gate that gives a false sense of security without commensurate value.

Lt. Col. Camdon Cady is the Chief Technology Officer at Platform One. There, he helps lead the first enterprise DevSecOps initiative in the DoD. Through his research interests in formal languages and software analysis, he hopes to one day see the Air Force move beyond Excel as the primary database of choice.