SBOM, log4j, and the Future of Transparency in the Software Supply Chain

Thursday, January 27, 2022

11:00 AM - 12:00 PM PDT

60 minutes, including Q&A

A software bill of materials (SBOM), like any other security feature, won't solve all our problems. But greater transparency in the software supply chain will 1) support more secure software development, 2) enable more informed decisions around software selection and purchase, and 3) allow organizations to respond much more quickly and efficiently to new vulnerabilities.

This webinar will review the basics of SBOM, and use the recent log4j vulnerability to understand how SBOM can help—and also understand its limits. We'll close by offering some perspectives on how SBOM and related transparency efforts will grow and evolve in 2022 and beyond.

Guest Presenter:

Dr. Allan Friedman

Senior Advisor and Strategist

Cybersecurity and Infrastructure Security Agency (CISA)

Dr. Allan Friedman is a Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency in the US Government. He coordinates the global cross-sector community efforts around software bill of materials (SBOM), and works to advance its adoption inside the US government. He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics. Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard's Computer Science department, the Brookings Institution, and George Washington University's Engineering School. He is the co-author of the popular text "Cybersecurity and Cyberwar: What Everyone Needs to Know," has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University. He is quite friendly for a failed-professor-turned-technocrat.

Sponsor Presenter:

Anoop Kartha

Sr. Solution Engineer

Traceable AI

Anoop is a Sr. Solution Engineer at Traceable AI with more than 15 years of experience in risk management, compliance, and privacy. In addition, Anoop is a father, runner, and music fanatic (he listens to and plays music) who loves trekking, trailing, and pretending to meditate.

Steve Paul

