S3E28: Resilient Cyber w/Mark Curphey
Challenges with SCA/SBOM & Modernizing OWASP
In this episode of Resilient Cyber, Chris Hughes is joined by Mark Curphey, the founder of OWASP and a pioneer in the cybersecurity industry. They dive into the challenges with Software Composition Analysis (SCA), Software Bill of Materials (SBOM), and the future of OWASP in modernizing security practices for cloud-native environments and DevOps.
🔑 Key Highlights:
- Challenges with SBOM Frenzy: Mark discusses why the push for SBOMs (Software Bill of Materials) is premature and highlights technical issues that need to be addressed before SBOMs become fully effective.
- SCA (Software Composition Analysis) Struggles: An in-depth discussion on why SCA is difficult, including problems with vulnerability databases, false positives, and non-deterministic package managers.
- Modernizing OWASP: Mark shares his plans to shake up the OWASP Foundation, cut through bureaucracy, secure better funding, and make the organization relevant for modern security challenges.
- Open Source Security: Mark explains the importance of the open-source ecosystem, how it is currently underfunded, and the role of security foundations like OpenSSF in bolstering open-source security.
- Future of Cybersecurity: Insights into where the industry is headed, including the importance of reproducible builds and better vulnerability databases.