Ofir Cohen’s Post

View profile for Ofir Cohen
Ofir Cohen

Containers and Software Supply Chain Lead @ Wiz | Public Speaker (CNCF, K8s)

Whatcha gonna go with all that SBOMs (all that SBOMs) inside your trunk 😉? Easy - you use Wiz SBOM search! https://lnkd.in/d_QCGswj

View profile for Dan Lorenc
Dan Lorenc

Software Supply Chain Security

Where are all the SBOMs? We're still seeing little to no adoption of them across all of our customers and industries we work in. It's been a few years now into the effort, and I'm just not seeing them anywhere in cloud/SaaS companies. The companies that are using them already were, and it's almost exclusively licensing-driven for OSS components rather than security. CSPMs have mostly solved asset inventory for the purposes of vulnerability management (no one has actually solved vulnerability management itself), and they do it at a much more useful and relevant level than generating and managing massive JSON documents for every workload. Justin Pagano's "SBOM Hall of Fame" repository is still empty (link in comments). If you're using SBOMs and are getting value from them, please write up a case study somewhere! #sbom #cspm #vulnerabilitymanagement

Maya Doron

Growth Marketing Manager @Wiz | Marketing & Communications

8mo

This is great!

Like
Reply
1 Reaction

To view or add a comment, sign in

More Relevant Posts

  • View profile for Simardeep S.
    Simardeep S.

    Cloud-Native & Big Data Architect | CKS | CKA | CKAD | Cilium | Istio | AWS x 2 Certified

    Totally agree, Dan Lorenc I've also noticed SBOMs are still seen more as a compliance requirement than a security tool. CSPMs are filling the gap for cloud environments, but there's still untapped potential with SBOMs if we streamline the process. Would love to see more practical use cases where they’re actually making a difference in security.

    View profile for Dan Lorenc
    Dan Lorenc

    Software Supply Chain Security

    Where are all the SBOMs? We're still seeing little to no adoption of them across all of our customers and industries we work in. It's been a few years now into the effort, and I'm just not seeing them anywhere in cloud/SaaS companies. The companies that are using them already were, and it's almost exclusively licensing-driven for OSS components rather than security. CSPMs have mostly solved asset inventory for the purposes of vulnerability management (no one has actually solved vulnerability management itself), and they do it at a much more useful and relevant level than generating and managing massive JSON documents for every workload. Justin Pagano's "SBOM Hall of Fame" repository is still empty (link in comments). If you're using SBOMs and are getting value from them, please write up a case study somewhere! #sbom #cspm #vulnerabilitymanagement

    To view or add a comment, sign in

  • View profile for Andrey Lukashenkov
    Andrey Lukashenkov

    Vulnerability Intelligence and Research | B2B SaaS GoToMarket | Engineering Background | Startups

    “CSPMs have mostly solved asset inventory for the purposes of vulnerability management (no one has actually solved vulnerability management itself).” Have been missing strong takes from Dan Lorenc recently. Maybe it was the LinkedIn algo that hid them, or perhaps Dan has just been mostly liking posts from the Chainguard team recently. A couple of interesting links in the comments worth checking out. #informationsecurity #vulnerabilityassessment #vulnerabilitymanagement #sbom

    View profile for Dan Lorenc
    Dan Lorenc

    Software Supply Chain Security

    Where are all the SBOMs? We're still seeing little to no adoption of them across all of our customers and industries we work in. It's been a few years now into the effort, and I'm just not seeing them anywhere in cloud/SaaS companies. The companies that are using them already were, and it's almost exclusively licensing-driven for OSS components rather than security. CSPMs have mostly solved asset inventory for the purposes of vulnerability management (no one has actually solved vulnerability management itself), and they do it at a much more useful and relevant level than generating and managing massive JSON documents for every workload. Justin Pagano's "SBOM Hall of Fame" repository is still empty (link in comments). If you're using SBOMs and are getting value from them, please write up a case study somewhere! #sbom #cspm #vulnerabilitymanagement

    To view or add a comment, sign in

  • View profile for Dan Lorenc
    Dan Lorenc

    Software Supply Chain Security

    Where are all the SBOMs? We're still seeing little to no adoption of them across all of our customers and industries we work in. It's been a few years now into the effort, and I'm just not seeing them anywhere in cloud/SaaS companies. The companies that are using them already were, and it's almost exclusively licensing-driven for OSS components rather than security. CSPMs have mostly solved asset inventory for the purposes of vulnerability management (no one has actually solved vulnerability management itself), and they do it at a much more useful and relevant level than generating and managing massive JSON documents for every workload. Justin Pagano's "SBOM Hall of Fame" repository is still empty (link in comments). If you're using SBOMs and are getting value from them, please write up a case study somewhere! #sbom #cspm #vulnerabilitymanagement

    To view or add a comment, sign in

  • View profile for 🔥Rachel Shimanski
    🔥Rachel Shimanski

    Regional Marketing Lead, NA

    The shift to cloud environments brings significant benefits but also presents unique challenges for Digital Forensics and Incident Response (DFIR). Unlike traditional on-premise practices, processes and systems where security teams have greater control, cloud environments have shared infrastructure, decentralized data and reliance on third-party providers. Nigel Gibbons and Ben Fountain highlight important tools and strategies to effectively navigate these challenges and strengthen #DFIR management in the cloud. Read the blog👉 https://bit.ly/3AREbyg https://bit.ly/40QH3G9

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Matt Donahue, MSIS
    Matt Donahue, MSIS

    Director- Global Accounts at NCC Group |

    The shift to cloud environments brings significant benefits but also presents unique challenges for Digital Forensics and Incident Response (DFIR). Unlike traditional on-premise practices, processes and systems where security teams have greater control, cloud environments have shared infrastructure, decentralized data and reliance on third-party providers. Nigel Gibbons and Ben Fountain highlight important tools and strategies to effectively navigate these challenges and strengthen #DFIR management in the cloud. Read the blog👉 https://bit.ly/3AREbyg https://bit.ly/4hWFr3H

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Chris Siores
    Chris Siores

    Business Development Manager - Industrials

    The shift to cloud environments brings significant benefits but also presents unique challenges for Digital Forensics and Incident Response (DFIR). Unlike traditional on-premise practices, processes and systems where security teams have greater control, cloud environments have shared infrastructure, decentralized data and reliance on third-party providers. Nigel Gibbons and Ben Fountain highlight important tools and strategies to effectively navigate these challenges and strengthen #DFIR management in the cloud. Read the blog👉 https://bit.ly/3AREbyg https://bit.ly/3CVFfSn

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for 🧗‍♀️Tom Shingler
    🧗♀️Tom Shingler

    Scaling NCC groups Customer success function - Driving world class customer experience and revenue generation

    The shift to cloud environments brings significant benefits but also presents unique challenges for Digital Forensics and Incident Response (DFIR). Unlike traditional on-premise practices, processes and systems where security teams have greater control, cloud environments have shared infrastructure, decentralized data and reliance on third-party providers. Nigel Gibbons and Ben Fountain highlight important tools and strategies to effectively navigate these challenges and strengthen #DFIR management in the cloud. Read the blog👉 https://bit.ly/3AREbyg https://bit.ly/3B6Q9E9

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Clark Venter
    Clark Venter

    Helping Build a Better Internet

    The shift to cloud environments brings significant benefits but also presents unique challenges for Digital Forensics and Incident Response (DFIR). Unlike traditional on-premise practices, processes and systems where security teams have greater control, cloud environments have shared infrastructure, decentralized data and reliance on third-party providers. Nigel Gibbons and Ben Fountain highlight important tools and strategies to effectively navigate these challenges and strengthen #DFIR management in the cloud. Read the blog👉 https://bit.ly/3AREbyg https://bit.ly/41tVakQ

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Wayne Margolin
    Wayne Margolin

    The shift to cloud environments brings significant benefits but also presents unique challenges for Digital Forensics and Incident Response (DFIR). Unlike traditional on-premise practices, processes and systems where security teams have greater control, cloud environments have shared infrastructure, decentralized data and reliance on third-party providers. Nigel Gibbons and Ben Fountain highlight important tools and strategies to effectively navigate these challenges and strengthen #DFIR management in the cloud. Read the blog👉 https://bit.ly/3AREbyg https://bit.ly/3YXLFb0

    • No alternative text description for this image

    To view or add a comment, sign in

  • View profile for Alison Metcalfe
    Alison Metcalfe

    trying out early retirement

    The shift to cloud environments brings significant benefits but also presents unique challenges for Digital Forensics and Incident Response (DFIR). Unlike traditional on-premise practices, processes and systems where security teams have greater control, cloud environments have shared infrastructure, decentralized data and reliance on third-party providers. Nigel Gibbons and Ben Fountain highlight important tools and strategies to effectively navigate these challenges and strengthen #DFIR management in the cloud. Read the blog👉 https://bit.ly/3AREbyg https://bit.ly/4eIPXZE

    • No alternative text description for this image

    To view or add a comment, sign in

Ofir Cohen

6,133 followers

View Profile

Explore topics