RVAsec 2023 has ended
Streaming: https://mssvideo.vcu.edu/RVAsec
Tuesday, June 13 • 2:00pm - 2:50pm
Software Bills of Behaviors: Why SBOMs Aren't Enough


Most software supply chain-related tools fall into a few categories: SBOM generation, vulnerability analysis, build policies, and source-code analysis. These do not address the problem exemplified by the SolarWinds supply-chain malware insertion attack. Software Bills of Behaviors provide an understanding of what the software is doing and how it has changed, providing a defense against SolarWinds-style attacks.

Andrew Hendela

Co-founder, Karambit.AI
Andrew has over a decade of cybersecurity experience leading teams tackling hard challenges. His technical expertise involves automating a wide range of problems, including cyber attribution, malware analysis, and vulnerability research.

Tuesday June 13, 2023 2:00pm - 2:50pm EDT
1st Floor, Magnolia Room