Breakpoint Security Podcast

Chat with Neelu

2025/11/02

Guest: Anant Srivastava, Chief researcher & Founder @ Cyfinoid Research Pvt Ltd

Often, it’s not your code that gets breached; it’s the code you inherit. We expose the hidden dangers lurking in your Software Supply Chain and reveal the single document that can help you: the SBOM.

In this episode, Neelu and Anant delve into the concept of Software Bill of Materials (SBOM), its significance in the #cybersecurity landscape, and the challenges associated with its implementation. They discuss the limitations of current #sbom practices, the importance of understanding transitive #dependencies, and the need for a comprehensive approach to #supplychainsecurity. The conversation also touches on the static nature of #SBOMs, the debate over public versus private SBOMs, and the role of #vex and VDR in managing #vulnerabilities. Anant shares insights from his experiences in the field and emphasizes the importance of centralized dependency management in ensuring software security.

Recommended reading/viewing: paper for practitioners