SBOM and Software Supply Chain

Rob Szumski (@robszumski, Founder/CEO @Edgebitio) talks about the evolution of software supply chains, SBOMs, and managing software dependencies in the age of cloud-native apps.

SHOW: 710

CLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotw

NEW TO CLOUD? CHECK OUT - "CLOUDCAST BASICS"

SHOW SPONSORS:

• Datadog Security Solution: Modern Monitoring and Security
• Start investigating security threats before it affects your customers with a free 14 day Datadog trial. Listeners of The Cloudcast will also receive a free Datadog T-shirt.
• CloudZero – Cloud Cost Visibility and Savings
• ​​CloudZero provides immediate and ongoing savings with 100% visibility into your total cloud spend

SHOW NOTES:

• Edgebit (homepage)
• Edgebit (YC Launch)
• Introducing the Real-time SBOM
• Understanding VDR and VEX
• Open VEX supercharges SBOM (Cloud Native Podcast)
• SPDX (Software Package Data Exchange)
• SBOM Sharing Lifecycle Report

Topic 1 - Welcome to the show Rob. Tell us a little bit about your background and what led you to start Edgebit.

Topic 2 - SBOM (Software Bill of Materials) has become a big topic, especially around the cloud-native community. Software and security have been around a long time, why the uptick in discussions around SBOM now? 

Topic 3 - Let’s walk through the day-in-the-life of a typical team these days. Where are there holes in their current toolset and how are things potentially improving? 

Topic 4 - Tell us about Edgebit. Where does Edgebit play a role in the Software Supply Chain? 

Topic 5 - Edgebit take a broad view of a company’s software landscape, but a narrow view of action. Less of a boil the ocean approach. How do you find this approach is appreciated by developers vs. security teams? 

Topic 6 - What are some of the ways you expect to see the SBOM and Software Supply Chain over the next year? 

FEEDBACK?

• Email: show at the cloudcast dot net
• Twitter: @thecloudcastnet