Enterprise Security Weekly Subscribe

Application security, Supply chain, Endpoint/Device Security

Achieve Unprecedented Visibility into Your Software Supply Chain – Tom Goings – ESW #305

February 9, 2023

Tanium has recently released a new capability called Tanium Software Bill of Materials (SBOM) to help customers identify third-party libraries associated with software packages. - What is Tanium SBOM - Why is it different and why do you need it - How to configure SBOM - How to query for the details about every software application in your environment - Where your vulnerable packages exist - Ways that Tanium can remediate vulnerabilities from OpenSSL to Struts to Log4j today as well as new supply-chain vulnerabilities in the future

No one knows what the next supply chain vulnerability is going to be, but with Tanium, you will have access to data about how your applications are affected before it happens so that when it does, you're ready to take action to remediate the issue from within the Tanium XEM platform.

Segment Resources: - https://www.tanium.com/products/tanium-sbom/ - https://www.tanium.com/press-releases/tanium-launches-software-bill-of-materials-for-unprecedented-visibility-to-combat-supply-chain-threats/ - https://www.tanium.com/blog/software-bill-of-materials-openssl/ This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

Sponsored By

Tanium

Full episode and show notes

Announcements

Follow Security Weekly Productions on LinkedIn for exclusive show clips, insights, and updates across our organization! Stay connected with our hosts and fellow community members, and join the conversation that's shaping the future of cybersecurity.

Guest

Tom Goings

Director, Product Management at Tanium

In 1996, Tom discovered that he had developed an interest in technology, but what was even more surprising was that he was pretty good at it. Since then, his journey has covered over 25 years of learning, starting from a humble beginning of building his first PC to play games with friends, and then moving forward to consulting multiple Fortune 100 companies on the value of the ITIL disciplines of IT Operations Management and IT Service Management. He is currently applying his subject expertise to define the future capabilities and vision for the Tanium platform.

Hosts

Adrian Sanabria

Principal Researcher at The Defenders Initiative

https://adriansanabria.com

Katie Teitler-Santullo

Product Marketer and Content Strategist

VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

https://www.90degree.vc/

Related

Application security

XZ & Open Source, PuTTY’s Private Keys, LeakyCLI, LLMs Writing Exploits – ASW #282

April 22, 2024

CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more!

Application security

Sustainable Funding of Open Source Tools – Simon Bennetts, Mark Curphey – ASW #282

April 22, 2024

How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy adds how his experience with OWASP and the appsec commu...

Crazy money and crazy outcomes – cybersecurity acquisitions in all shapes and sizes – ESW #358

April 18, 2024

This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million??? Some healthy funding for Cyera and Cohesity ($300m and $150m, respectively) Onum, Alethea, Sprinto, Andesite AI, StrikeReady, YL-Backed Miggo, Nymiz, Salvador Te...