
Since 41% of organizations are still not confident about their open-source software security, more innovation is needed to change this narrative. Even though software bills of materials offer more visibility, the Open Source Security Foundation wants SBOMs to evolve from a static mechanism into something more organism-like, so that they also capture changes such as metadata and compiler flags, according to Omkhar Arasaratnam, general manager of OpenSSF at The Linux Foundation.

“If we look back to the SANS Top 20 — or I guess this is now known as the CIS Top 20 — number one has been asset management for the last three decades,” Arasaratnam said. “If we extend that thinking to our assets no longer being servers, laptops and network kit, but also software assets, that is what the SBOM seeks to address. Talking about how that evolves and how the data structures are supported through operational process, now I know I have Log4j.”

Arasaratnam and Brian Behlendorf, chief technology officer of OpenSSF at The Linux Foundation, spoke with theCUBE industry analyst John Furrier and guest analyst Rob Strechay at Open Source Summit NA, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the importance of SBOMs in the open-source software security landscape and how OpenSSF fits in the picture.
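To make Arasaratnam's "now I know I have Log4j" concrete, here is an added example (not code from the article, from OpenSSF or from any of the speakers) that treats a CycloneDX SBOM as the software-asset inventory he describes: it walks the component tree, including components nested inside other components, and reports any whose group, name and version fall in a given range. The SBOM is constructed sample data; the `billing-service` application and the `find_components` helper are assumptions made for this illustration. The version range used in the usage call is the Log4Shell range (log4j-core before 2.15.0, CVE-2021-44228).

```python
"""Query a CycloneDX SBOM as a software asset inventory.

Added example, not code from the article or from OpenSSF. It answers
the question "do I have Log4j?" by walking a CycloneDX JSON document and
reporting components whose group/name match and whose version falls in
a half-open range. The SBOM below is constructed sample data; the
application name and versions are illustrative, not a real inventory.
"""
import json

# Constructed sample SBOM (CycloneDX 1.4 JSON). The nested "components"
# under billing-service model a fat jar that bundles its own copy of a
# dependency, which a flat top-level scan would miss.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.14.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-api", "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-api@2.17.1"},
        {"type": "application", "name": "billing-service", "version": "3.2.0",
         "components": [
             {"type": "library", "group": "org.apache.logging.log4j",
              "name": "log4j-core", "version": "2.17.1",
              "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
         ]},
    ],
})


def parse_version(v):
    """Turn '2.14.1' into (2, 14, 1) for tuple comparison.

    Each dot-separated part keeps only its leading digits, so a
    pre-release tag such as '2.0-beta9' compares as (2, 0).
    """
    parts = []
    for p in v.split("."):
        digits = ""
        for ch in p:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def iter_components(components, path=()):
    """Yield (path, component) for every component, recursing into nesting."""
    for c in components:
        here = path + (f"{c.get('name')}@{c.get('version')}",)
        yield here, c
        yield from iter_components(c.get("components", []), here)


def find_components(sbom_json, group, name, min_version, max_version_excl):
    """Return '/'-joined paths of components with the given group and name
    whose version satisfies min_version <= version < max_version_excl."""
    sbom = json.loads(sbom_json)
    lo, hi = parse_version(min_version), parse_version(max_version_excl)
    hits = []
    for path, c in iter_components(sbom.get("components", [])):
        if c.get("group") != group or c.get("name") != name:
            continue
        ver = c.get("version")
        if ver is None:
            continue  # no version recorded: cannot place it in a range
        if lo <= parse_version(ver) < hi:
            hits.append("/".join(path))
    return hits


if __name__ == "__main__":
    # Log4Shell (CVE-2021-44228) affects log4j-core 2.x before 2.15.0.
    affected = find_components(SAMPLE_SBOM, "org.apache.logging.log4j",
                               "log4j-core", "2.0", "2.15.0")
    for hit in affected:
        print("affected:", hit)
```

The path reported for a nested hit (for example `billing-service@3.2.0/log4j-core@2.17.1`) is what turns a bare "yes, it's in there" into an asset-management answer: it tells you which deployable actually carries the library, which is what an operational process needs in order to act.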