Name: SBOM 101: How to Control Software Supply Chain Risks Like a Pro
Start: 2023-05-18T14:00:00Z
End: 2023-05-18T14:00:59.000Z
Location: BrightTALK
Rating: 4.7

The Object Management Group® (OMG®) is an international, open membership, not-for-profit technology standards consortium. Founded in 1989, OMG standards are driven by vendors, end-users, academic institutions, and government agencies.

In this webinar, you will learn how to use the Cloud Working Group discussion paper on “Domain Taxonomies for Data Governance,” issued by OMG in December 2023, to identify, inventory, tag and manage sensitive information stored in the cloud. The “domains” of the title refer to personal data protection, export controls, classified or defense information, and intellectual property. The paper also presents some of the mechanisms and tools that can be used to secure such information, and a scheme to attach classification labels to each dataset.

Domain Taxonomies for Data Governance

We have been developing software for well over half a century. Throughout that time, people have proposed practices and methods that promise high performance for teams that choose them. Yet, beyond the few case studies accompanying the advertising and the hype, we don’t seem to see the promised results.  
This inevitably leads to new and better methods that promise to address the failings of their predecessors. But they don’t. They also have their shortcomings, and beyond the few case studies accompanying the new hype, they fail to bring the promised results to teams that adopt them. 

The answer is not to create new and better methods and frameworks. Instead, we must look into why methods fail to deliver what they promise and overcome those problems. That’s what Ivar Jacobson set out to do and what led to Essence being adopted as an OMG Standard ten years ago.  

In those ten years, we have seen a growing number of experts and methodologists use Essence to describe their frameworks and practices, and an increasing number of teams and organizations adopt Essence. 

This talk will explore some of the use cases of Essence and the value it can provide to various stakeholders, including the methodologist, the team, and the organization. We will share some success stories and look to the future by describing some of the changes proposed for Essence 2.0 and the drivers behind them. We will also explain why Essence is designed for a world of living and breathing AI.

Whether you are entirely new to Essence or already enjoying its benefits, there will be something to interest you in this talk.

Essence – The Standard Bearer for High-Performing Teams

Cybersecurity is critical in developing and running complex, distributed systems.  As systems become more interconnected and intelligent, protecting data against cyberattacks and unauthorized participants becomes increasingly challenging. The first step to securing a distributed system is to protect its data.  

As a publish/subscribe protocol, DDS helps ensure that only authorized users and nodes can transmit and receive data, providing zero-trust, end-to-end data protection and data-origin authentication. 

The DDS Security specification defines the security model and Service Plugin Interface (SPI) architecture for DDS-compliant implementations. This enables out-of-the-box security between compliant DDS applications. Specifically, the use of SPIs allows DDS users to customize the authentication, access control, encryption, message authentication, digital signing, logging and data tagging.

The OMG will release an updated version of the DDS Security specification later this year. Last updated in 2018, the updated version includes new cryptographic algorithms, key rotation, support for dynamic revocation of credentials and hardness against DoS attacks. This webinar will provide an overview of the DDS Security spec with an emphasis on the new features. The presentation will be followed by audience Q&A.

Speaker
Gerardo Pardo, co-chair, DDS SIG, Lead Author of the DDS-Security specification, and CTO, Real-Time Innovations (RTI)

What’s New in the DDS Security Standard

Developers of systems running Data Distribution Service (DDS) use Quality of Service (QoS) policies to configure the behavior of the service.  For example, a user can declare that a DataWriter and DataReader are reliable, which obligates the service to deliver each and every sample from the DataWriter to the DataReader.  QoS separates the concerns of "what" (reliable data transfer) from "how" (resends, acknowledgments, etc.).
 
In this talk, we will
• introduce the 22 QoS policies in the DDS Specification
• describe use cases for various QoS policies
• look at a few "gotchas" related to QoS
 
The session will include an audience question and answer.

DDS: The FAQs about QoS

Join CISQ and Puppet by Perforce on February 15th and February 29th for a two-part series on Secure Critical Infrastructure for Continuous Compliance Standard.

Our event moderator, Chris Ganacoplos, AVP, Puppet will be joined by Tim Schilbach, CEO Penacity, and Paul Reed, Principal Solutions Engineer, Puppet for the second part of the series on February 29th, where they will present a demo of secure critical infrastructure with Continuous Compliance Framework enforcement modules for the operating system and hardening of systems and present what a solution with requirements will entail.

Secure Critical Infrastructure for Continuous Compliance Standard Solution

Join us for a technical DDS 101 webinar, a high-level introduction to the OMG's Data Distribution Service technology and standards.

The Data Distribution Service (DDS) from the Object Management Group (OMG) is a data connectivity framework becoming standardized in a wide range of industries and military systems.  From autonomous vehicles and embedded medical devices to electrical grids and intelligence and weapon systems, DDS is found in a growing number of architecture standards and government contracts. 

This webinar will focus on the technical features of DDS in the context of today's real-world use cases.

Introduction to the Data Distribution Service (DDS) Standard

Join CISQ and Puppet by Perforce on February 15th and February 29th for a two-part series on Secure Critical Infrastructure for Continuous Compliance Standard.

On February 15th, 2023 at 11:00am CT we'll kick off with a panel that will discuss the need and elements of SCI and why and how to meet Compliance Framework Regulatory Standards like CMMC, NIST, CIS, DISA STIG, PCI, and FINRA.

Our event moderator, Chris Ganacoplos, VP of East and Federal for Puppet Perforce IT Operations, Perforce will be joined by Tim Schilbach, CEO Penacity, for the first part of the series on February 15th, where they will discuss the challenges of Secure Critical Infrastructure. We will touch on Why Secure Critical Infrastructure is important, especially for stakeholders who need CMMC 2.0 certified with the NIST framework. We will discuss strategic and tactical topics you must implement in your program to be successful.

On February 29th, we'll be back with the addition of Paul Reed, Principal Solutions Engineer, Puppet by Perforce, who will give a presentation with Tim Schilbach and an in-depth demonstration that discusses the challenges of Secure Critical Infrastructure. We will review what it takes to build and deliver Secured Critical Infrastructure leveraging CMMC 2.0 certified and Center for Internet Security frameworks. We will demo an automated environment with policy as code, reporting, and auditing dashboards.

Secure Critical Infrastructure for Continuous Compliance Standard Panel

DDS turns 20! In 2024, we celebrate 20 years of DDS innovation. From its first use case that enabled distributed communications for US Navy ships to the autonomous systems of today, the DDS family of standards has enabled new generations of applications to run reliably, rapidly and securely, regardless of distance or scale. 

To commemorate this milestone, the DDS Foundation will be running a year-long celebration to highlight the 14 specifications in the DDS standard, along with selected real-world use cases. 

Kicking it off on January 18 is a webinar that starts at the beginning: A discussion with the original Principal Developer of the original Proof of Concept experiments, along with the lead developer of the original DDS standard. Audience Q&A is encouraged. 

The audience will gain insights into the development of the original DDS standard, including:
- Why the US Navy needed a distributed communication protocol
- Insights from the original developer of the core technology
- How it became a standard
- And more! 

Speakers
Gerardo Pardo, co-Author of the original DDS standard and CTO, Real-Time Innovations (RTI)
Mark Swick, Former Principal on US Navy project that formed the DDS standard; currently Systems Architect, Real-Time Innovations

DDS, the US Navy, and the Need for Distributed Software

Application modernization is more than ever at the top of the agenda across different industries. Some of the reasons involve cost, business agility, availability of skilled workforce, end of life of certain technologies and platforms, etc. 

Whatever the reasons, every transformation comes with its own set of challenges and risks. Many of these risks are related to organizational complexity, functional complexity, or lack of understanding of the current systems and applications. In this session, we will try to address this last aspect, and we’ll see how understanding your current systems blueprints and inner workings can help you make informed decisions on a relevant modernization strategy. 

Join CAST on Thursday, December 14th at 11:00am ET to gain some insights on what they’ve learned while working with some of their clients.

Insights-based Legacy Modernization Strategy

25 years ago, the Object Management Group's (OMG) Unified Modeling Language enhanced modeling efficiency in software intensive systems and continues to be used by engineers worldwide today. It is now considered by many, that OMG's Essence standard will have an even greater global impact because it can be integrated into every facet of the software engineering process. 

This webinar provides an overview of Essence, a demo of how it is used today, various use cases, and a preview of future implementations.

Essence – Redefining Software Engineering

25 years ago, the Object Management Group's (OMG) Unified Modeling Language enhanced modeling efficiency in software intensive systems and continues to be used by engineers worldwide today. It is now considered by many, that OMG's Essence standard along with its updated 2.0 version will have an even greater global impact because it can be integrated into every facet of the engineering process. Going beyond software engineering to include all engineering processes.

This webinar provides an overview of the intent of Essence v2.0 and how to get involved in this latest version.

Towards Essence 2.0: Removing Engineering Limitations

Governments, social scientists, technologists, and even the heads of AI organizations are expressing concerns about the potential misuse of the power unleashed by Foundation Models and Generative AI. Many nations and organizations have already started taking steps to regulate this powerful technology to prevent possible misuse and disruption of the societal fabric. Fear and concerns are synonymous with the approach toward nuclear technology worldwide. 

The teams of the Object Management Group (OMG) Responsible Computing Initiative launched a Tiger team to study and evaluate the potential concerns regarding Generative AI Techniques (GAIT) and recommend ways to channel the capabilities of GAIT responsibly to benefit society. 

Specific objectives include investigations on how to:

- Instill trust and reduce bias in the data used to build GAI models.
- Recommend proper and ethical use of AI models whilst protecting the intellectual rights of authors, artists, and other professionals.
- Regulate the proliferation of AI models to ensure no disruptive effects on employment, society, and the environment.
- Educate the consumers, administrators, and governmental bodies on the dangers and limitations of excessive use of AI models.

The different tracks of this initiative are:

• Ensure trustworthy Generative AI Models, which must be based on accurate and unbiased data.
• Impact on the Labor market, especially many white-collar jobs like copywriters, interpreters, and even professionals like investment advisors, editors, lawyers, customer support professionals, creative writers, doctors, etc.
• Issues related to IP, copyright violation, ownership, royalty, etc.
• Impact on the environment with the power-hungry deep learning process to build(train) GAI models.

Michael Linehan (OMG) and Cheranellore Vasudevan (IBM) will present their thoughts as they start their work on this initiative.

Responsible Generative AI

Systems Modeling Language™ v2 (SysML® v2), whose beta version was just adopted by our Board of Directors and is currently in its finalization phase, will enable modeling of increasingly complex systems as part of the evolving practice of model-based systems engineering, and provide improved precision, expressiveness, consistency, usability, interoperability, and extensibility over SysML v1.

The collection of SysML v2 specifications were submitted to the OMG Board of Directors for approval as beta specifications and have entered their finalization phase. The SysML v2 submission concluded five years of development with representation from over 80 organizations, resulting in three specifications and an open-source pilot implementation to validate them. It is anticipated that the final adopted specifications will be approved by the OMG in 2024 and that some of the tool vendors will have commercial SysML v2 implementations available at that time.

This webinar includes two parts presented by the co-leaders of the SysML v2 Submission Team. The first part includes an overview of SysML v2 capabilities and a comparison of SysML v2 with SysML v1, while the second part addresses some of the key language design decisions that led to the current specifications and the rationale for those decisions.

Systems Modeling Language™ v2 (SysML® v2) Overview

Cloud users are constantly subjected to a confusing barrage of claims and counterclaims. Myths about cloud computing abound, from exaggerated promises from vendors to the FUD (fear, uncertainty, and doubt) that is sometimes no more than resistance to change.

There are websites and publications that address cloud computing myths and some of these sources are useful, but many are derivative, repetitive, simplistic, or poorly reasoned. The OMG Cloud Working Group has captured the collective knowledge of its members to publish a neutral analysis of thirteen prevalent myths entitled Cloud Myths & Realities, which covers such hotly debated topics as cost, security, ease of management, and more. This webinar briefly addresses those myths and most will find this discussion paper a useful companion to our other 37 Publications, such as the Practical Guide to Cloud Computing, and will help cloud customers make better decisions about cloud services.

Cloud Computing Myths & Realities

Lucile and Stephane motivate you to see IT differently in this thought-provoking presentation. Starting by introducing responsible computing and green IT, they move on to show what makes a typical web page, what happens with the processing, and why many parts can be removed, saving energy, costs, and improving user retention, which is linked together.

How to Spot the Waste in IT and Web Development

Join us for a tour of the Responsible Computing Self-Assessment. The self-assessment charts a journey and provides recommendations based on responses to achieving sustainable practices in ICT environments for technology vendors and their clients, assessing six domains: Code, Data Center, Data Usage, Impact, Infrastructure, and Systems. 

The self-assessment is available to the public on our website: https://responsiblecomputing.net/responsible-computing-self-assessment/

Our members are working on a maturity model and deeper assessment, which will be available to our member organizations to provide a more profound framework of how to be a responsible computing leader.

Introducing the Responsible Computing Self-Assessment

The UAF is the latest modeling specification for systems of systems (SoS) modeling. It is designed to cover all the viewpoints from the latest defense architecture frameworks, namely DoDAF, MoDAF, NAF and others. The UAF is a very rich specification with several layers (domains) and aspects (“model kinds”) and while it is very rich and expressive, how to apply it in a real-life context can be quite challenging. One challenge is how to translate concepts of operation, existing and future capabilities, planning and acquisition strategy into a concrete UAF model. Another challenge is how to properly use the various levels of abstractions across its domains to enable reuse across different concrete realizations. Yet another challenge is that UAF does not exist in isolation and needs to be integrated with a broader set of lifecycle tools, such as requirement tools, system models in SysML, planning tools, simulation tools and others.  

In this demo, we describe how we transform conops documents and requirements into an actual UAF model using an emergency response system, which is a SoS. We demonstrate how the various UAF aspects are modeled, how the UAF modeling environment is integrated with a requirements management system, how the UAF technical views are integrated and transformed into SysML system models, and how roadmaps and plans are integrated with planning tools. We will also show how behavioral aspects of the SoS UAF models are simulated to validate them and reason about the behavior of the overall SoS. The overview will include demonstrations using an actual set of tools typically used in engineering environments.

UAF Tool Vendor Roadshow (Dec 2022) - IBM Rhapsody

Software now powers everything from smartphones and cars to medical devices and critical infrastructure. However, with the rise of cyber threats and recent government orders, it is crucial to clearly understand what components are in the system, where they came from, who has had access to them, whether they are subject to licenses, and whether they harbor known vulnerabilities. This is where Software Bill of Materials (SBOM) comes in.
 
Join us for an informative webinar on SBOM. In this webinar, you will learn how Software Component Analysis (SCA) is key to having an up-to-date SBOM and get answers to these critical questions:

1. Why are SBOMs critical for software development, security, and compliance?
2. How are SBOMs implemented and used to control software supply chain risks?
3. What are the contents of an effective SBOM?
4. What are the challenges and risks associated with SBOM implementation?
5. What are tools and best practices for creating and maintaining an effective SBOM?
 
This webinar is ideal for software developers, security professionals, compliance officers, IT managers, and anyone interested in learning about SBOM and its impact on software supply chain management. Don't miss this opportunity to gain valuable insights and ask questions to our expert speaker. Register now!

SBOM 101: How to Control Software Supply Chain Risks Like a Pro

software bill of materials

SBOM

Supply Chain

Risk Management

software risk

Software Asset Management

Procurement

Security

Security Analysis

Cyber Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

The IT project management community on BrightTALK includes thousands of IT project and portfolio management professionals. Find relevant webinars and videos on agile methodologies, scrum strategy, project management processes and more. Attend live webinars or view on demand content presented by recognized thought leaders in the IT project management industry.

IT Project Management

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Thousands of healthcare IT professionals compose the health IT community on BrightTALK. Learn alongside them with relevant webinars on healthcare IT compliance, big data in healthcare and IT solutions for healthcare organizations. Join the conversation by asking questions and engaging with other participants during live webinars and organized discussions.

Health IT

Healthcare

Get powerful emerging technology insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on technologies like 3D printing, pervasive robotics, natural interfaces, connected everything and cognitive systems.

Emerging Technologies

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

SBOM 101: How to Control Software Supply Chain Risks Like a Pro

Presented by

About this talk

More from this channel