Name: What’s in a Name? Vulnerabilities, SBOMs, and the Challenge of Software Identity - Justin Murphy, Department of Homeland Security (DHS), Cybersecurity & Infrastructure Security Agency (CISA)
Start: 2022-09-13T11:05:00+0100
End: 2022-09-13T11:45:00+0100

September 13-16, 2022
Dublin, Ireland + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Irish Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule

What’s in a Name? Vulnerabilities, SBOMs, and the Challenge of Software Identity - Justin Murphy, Department of Homeland Security (DHS), Cybersecurity & Infrastructure Security Agency (CISA)

Feedback form is now closed.

As we start to pay more attention to software supply chains (thank you, SBOM!), an old problem has resurfaced with a vengeance: how do we identify a particular piece of software? The software world - and the US government - has a goal for automation and easy mapping from a software dependency list to lists of known badness (vulnerabilities, potential malicious back doors, less optimal development practices, etc.). However, this requires a common namespace and shared identifiers for software. The current challenge is not that lack of naming standards, it is that we have several, and there are large gaps between them. This talk will describe the challenges presented regarding software identifiers as we try to secure the software supply chain. We’ll review existing solutions (CPE! PURL! Device identifiers! Hashes!), potential risks, and lay out a collaborative patch to addressing this over time and how the open source community can help and get involved.

Speakers

Justin Murphy

Vulnerability Disclosure Analyst, Cybersecurity and Infrastructure Security Agency (CISA)

Justin Murphy is a Vulnerability Disclosure Analyst with the Cybersecurity and Infrastructure Security Agency (CISA). He helps to coordinate the remediation, mitigation, and public disclosure of newly identified cybersecurity vulnerabilities in products and services with affected... Read More →

Murphy Software Identity pdf

Tuesday September 13, 2022 11:05 - 11:45 IST
Liffey B Part 2 (Level 1)

SupplyChainSecurityCon, Ensuring users know what Software Components (at all tiers) are Included

Content Experience Level Mid-level
Slides Included Yes
Session Speaker Type In-person Speaker(s)

Open Source Summit Europe 2022

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Justin Murphy