How Do You Know You're Done - After a Security Fix? - Kate Stewart, The Linux Foundation & Peter Brink, UL Solutions
Requirements are at the heart of designing a system with safety considerations. When building the system, having a detailed and accurate record of all the components and build information is necessary for safety analysis. When a component vulnerability fix comes in though, how do you know the system conforms with the safety claims after applying the fix? This talk will go into some approaches for leveraging the SBOM data to improve the automation and confidence in the analyis necessary to know you’re done.
