Let's tackle open-source supply chain issues with open source

By Naruhiko Ogasawara

Topic

Let's tackle open-source supply chain issues with open source

TR514, 2024-08-04 07:25 ~ 07:55 (UTC), Others

The open-source supply chain issue has attracted considerable attention, and managing software dependencies and vulnerabilities with an SBOM (Software Bill of Materials) is now a focus. In this talk, the speaker will discuss how to create an SBOM from software dependencies using Dependency-Track, an open-source tool developed primarily by OWASP, together with CycloneDX, an SBOM format, in order to visualize vulnerabilities in the software being developed.

Download Slide

Speaker

Naruhiko Ogasawara

Naruhiko Ogasawara is a security engineer in Japan. His expertise lies in vulnerability detection through static analysis of application source code. He is also an avid enthusiast of desktop OSS, favoring LibreOffice and Ubuntu, and he follows Linux printing technology closely. He is a former member of The Document Foundation and OpenPrinting Japan.

Open Source People Network (OSPN) Japan Special track, D9LWLJ, general (30 mins)