RSA Conference 2023 Supply Chain Track: Field Notes
Five takeaways from the supply chain sessions at RSA Conference 2023, from SBOM adoption skepticism to attestation tooling and federal procurement pressure.
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
Embedded devices run for decades and rarely get patched. SBOMs bring transparency to firmware that the IoT industry desperately needs.
Generating SBOMs is solved. Storing, versioning, and distributing them at scale is the next engineering challenge.
Produce accurate CycloneDX SBOMs from Maven builds using the official plugin, handle multi-module reactors, and ship attested SBOMs alongside your JARs.
Build a repeatable SBOM review workflow that catches license risks, stale dependencies, and unexpected components before they ship to customers.
Practical strategies for generating and managing Software Bills of Materials in cloud-native environments, beyond the compliance checkbox.
Mobile apps ship to millions of devices and can't be patched silently. Here's how to build SBOM practices for iOS and Android development.
A thorough review of Anchore's Syft SBOM generation tool, covering supported formats, language ecosystems, container scanning, and integration patterns.
A syntactically valid SBOM can still be useless. Here's how to validate structure, completeness, and accuracy to produce SBOMs worth trusting.