RVAsec 2023

Andrew HendelaAndrew has over a decade of cybersecurity experience leading teams tackling hard challenges. His technical expertise involves automating a wide range of problems, including cyber attribution, malware analysis, and vulnerability research.

Twitter: @zelkathak

Software Bills of Behaviors: Why SBOMs aren’t enough

Most software supply chain-related tools fall into a few categories: SBOM generation, vulnerability analysis, build policies, and source-code analysis. These do not address the problem exemplified by the SolarWinds supply-chain malware insertion attack. Software Bills of Behaviors provide an understanding of what the software is doing and how it has changed providing a defense against Solarwinds-style attacks.

Come see Andrew at RVAsec 12!