Updates from the CISA SBOM Working Groups
Stay up to date with the latest from the CISA-sponsored workstreams on SBOMs.
The Cybersecurity and Infrastructure Security Agency (CISA) hosts multiple workstreams on SBOM Sharing & Exchanging, Tooling & Implementation, On-Ramps & Adoption, Cloud & Online Applications, and Vulnerability Exploitability eXchange (VEX). The Agency recently hosted an “SBOM-a-Rama” to provide updates from these groups, industry groups (Finance, Automotive, Healthcare) executing on SBOMs, as well as from international partners.
Fortress has been tracking these working groups and plans to debrief the community with updates on the current state of the conversation in the working groups, their recently released deliverables, as well as what is on the horizon.
This webinar will cover...
- Current state of public SBOM working groups
- Recent deliverables
- What is on the horizon for SBOMs
Meet the Speakers
Fortress Information Security, Product Owner
Bryan works as Product Owner on Fortress' solutions for Software Bills of Materials (SBOMs). He previously worked as a research analyst on Fortress' research and development team on software supply chain integrity and security projects.
Bryan’s current work focuses on software transparency and improving supply chain security using SBOMs and Vulnerability Exploitability eXchange (VEX), including ways to automate and to improve operational vulnerability response. He has authored several white papers on software supply chain security and SBOMs.
Bryan earned a degree in finance from the University of Florida and a Master's in information security from the University of Denver.
Fortress Information Security, Lead Security Engineer
Brad Whipple has been involved in firmware engineering and cybersecurity for the past decade. Currently, he works as the SBOM manager for Fortress Information Security, leading a team that provides Software Bills of Materials (SBOMs) for clients. Prior to that, he helped draft and guide DoD cybersecurity policy for facility-related control systems, worked at INL conducting cybersecurity research in the critical infrastructure space, and reverse engineered heavy-duty diesel vehicles.
Brad earned a Bachelor's degree in electrical engineering from Boise State University and a Master's degree in computer science from the University of Idaho.