We discuss the inherent challenges in securing the software supply chain and the shortcomings of existing approaches. We then present the motivation, design, and implementation of It-Depends and pip-audit, and demonstrate how these tools can be used to generate SBOMs and provide insight into the security posture of a given software package.
Presented at:
- International Test and Evaluation (ITEA) Cybersecurity Workshop, 2022
Authored by:
- Michael Brown, Evan Sultanik, Will Woodruff