Left to Our Own Devices

Cybellum Technologies LTD

Introducing Left to Our Own Devices - the podcast dedicated to everything product security. Every other week, we will be talking with a different cybersecurity policymaker, engineer, or industry leader to hear their war stories and get their insider tips for surviving the product security jungle. From Medical SBOMs, to WP.29 and the latest industrial security threats, this is your place to catch up and learn from the pros. Left to Our Own Devices is brought to you by Cybellum. To learn more, visit Cybellum.com
Technology
News
Education
Tech News

Episodes

Tom Alrich Returns: Our Vulnerability Problem (Bonus Episode)
Jul 23 2024
In this special bonus episode, we welcome back Tom Alrich, an expert in supply chain cybersecurity, to discuss one of the most pressing issues in cybersecurity right now. Tom discusses the current issues with the National Vulnerability Database (NVD) and the challenges it presents for effective vulnerability management. We explore his proposed solutions and the future of software supply chain security, based on his extensive experience.

If you'd like to reach out to Tom, his email address is tom@tomalrich.com.

Additional links/resources mentioned during the episode or relevant to the discussion (if the links are not clickable please visit cybellum.com/podcasts to find them):

The SBOM Forum's 2022 white paper on fixing the CPE problem in the NVD
Tom's post from yesterday on the problem with vulnerability management
The link to the SBOM Forum's website, where donations can be made (please email Tom before donating)
An additional post he published on the day we recorded the episode which further highlights the NVD issue
Tom's book "Introduction to SBOM and VEX" which is out now

Tom also mentioned that he misspoke when he said at the end that the OWASP Vulnerability Database Working Group is meeting twice weekly. In reality, they are only meeting twice monthly, as he can't afford to dedicate more time than that. They would love to meet at least weekly and also create documents, webinars, and more. Therefore, they are seeking some modest donations to support these efforts.