WWU's Manoj Prasad talks software supply chain at global security forum

RSA Conference 2024 brought together a community of thousands of cybersecurity professionals together in San Francisco.

Manoj Prasad, a distinguished faculty member of WWU's Computer Science Department, recently presented at the RSA Conference 2024 in San Francisco. The RSA Conference is a global information security forum that brings together tens of thousands of IT and computer science experts from around the world. Prasad's talk explored the critical topic of software supply chain transparency.

Enhancing transparency within the software supply chain is vital to digital responsibility and security, a central point in Prasad's talk, "SBOMs: Navigating the Evolving Landscape of Software Bill of Materials." He emphasized the necessity of clear, detailed documentation for all components in the supply chain, and discussed the integration of SBOMs with tools for risk assessment and vulnerability management. 

Prasad also outlined the evolving landscape of SBOMs and their role in documenting the components, licenses, and vulnerabilities associated with software products. This type of information, he says, is vital in managing third-party dependencies and compliance. In addition, he explored significant regulations influencing the adoption of SBOMs, including the US Executive Order 14028 on cybersecurity and the EU’s Cyber Resilience Act 2024. 

"Underscoring all of this, accountability and trust both in the development of software and its terms of use are critical in building a responsible digital environments. Certifications and attestations play a key role in building this trust and guiding users toward reliable software solutions," Prasad says.

New standards and tools

The back half of Prasad's talk included a review of the evolution of SBOM standards and tools, and ended with a look ahead. The current development of tools across the ecosystem demonstrates, according to Prasad, the industry's collective dedication to transparency and security. Standards from organizations like Open Web Application Security Project (OWASP) and the Open Source Security Foundation (OpenSSF) provide a solid foundation, while tools like Cyclone DX and SPDX show tangible progress in SBOM generation and management. 

Moving forward, Prasad sees plenty of opportunities for the open-source community and entrepreneurs to contribute to SBOM distribution and management tools. Their input will shape the future of software transparency. Additionally, a clear roadmap exists for governance, risk management and compliance and security practitioners to integrate SBOM processes into their organizations.

Manoj Prasad’s comprehensive talk at RSA Conference 2024 underscored the growing importance of SBOMs in maintaining a secure and transparent software supply chain. His expertise continues to bring valuable insights and advancements to the field of cybersecurity and software engineering. 

For more details on his presentation and to access related resources, visit the RSA Conference website or contact WWU's Computer Science Department.