Source vs Binary code analysis Challenges and Solutions within the Software Supply Chain

This presentation explores the complexities and best practices in vulnerability management within the automotive software supply chain, with a focus on the challenges in complex software, including open-source components, third-party libraries, and proprietary software. The most important topics are the SBOM generation process, the difference between source code and binary code analysis, and the difficulties in identifying and mitigating vulnerabilities. In addition, we consider the role of Vulnerability Disclosure Reports (VDRs) and Vulnerability Exploitability Exchange (VEX) in providing a robust foundation for effective vulnerability management.

About the Speaker:

Irina Kimmel is the Product Manager for Automotive Vulnerability Management at ETAS. In this role, she defines the strategy and develops the content for this service and product area. Irina offers a solution to automate the creation of SBOMs (Software Bills of Materials) and to identify and manage critical software vulnerabilities, and she supports customers in achieving conformity to industry security standards like UN R155, CRA and ISO/SAE 21424.

She has a strong background in offensive security and, through her diverse and extensive experience as a Consulting Lead and Service Architect for the Penetration Testing Service, has made significant contributions to the global security and efficiency of enterprise/offboard IT systems.

Video "Source vs Binary code analysis Challenges and Solutions within the Software Supply Chain" from the SecureOurStreets channel