Why SBOMs Matter for Application Security
Philips Director Mishra on Needs, Challenges and Way Ahead for Software Developers
The way companies develop applications has changed over the years, and open-source technologies have replaced a significant portion of in-house components.
The supply chain is critical for application security, because 80% to 90% of applications rely on open-source software or third parties, said Minatee Mishra, director of product security at Philips. It is easy for a hacker to inject vulnerabilities into open-source components and compromise any software they want, she said.
"That's where we see a need for the software bill of materials," Mishra said. "The concept is not new. If you buy a food product, you'll see the list of ingredients that says what actually goes into your product. When we have so many outside components contributing to the development of applications, we really need to know what's in there to be able to track if there is a vulnerability and manage that vulnerability."
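The "list of ingredients" idea above maps directly onto what an SBOM consumer does with the document: read the component inventory, identify each component by a package identifier, and check it against an advisory feed. The script below is an added illustration, not code from the interview, from Philips or from any SBOM tool; the CycloneDX-style document, the package names, the advisory ids and the fixed-in versions are all constructed for the example, and the version comparison is deliberately simplified to numeric dotted versions.

```python
import json
import re

# Constructed example SBOM in CycloneDX JSON style. Component names,
# versions and purls are made up for this illustration.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "acme-logging", "version": "2.14.1",
     "purl": "pkg:maven/com.example.acme/acme-logging@2.14.1"},
    {"type": "library", "name": "acme-json", "version": "2.13.4",
     "purl": "pkg:maven/com.example.acme/acme-json@2.13.4"},
    {"type": "library", "name": "httpclientlib", "version": "2.18.0",
     "purl": "pkg:pypi/httpclientlib@2.18.0"},
    {"type": "library", "name": "vendor-blob", "version": "1.0"}
  ]
}
"""

# Constructed advisory list: package identity (purl without version) and the
# first version that carries the fix. The advisory ids are placeholders.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001",
     "package": "pkg:maven/com.example.acme/acme-logging", "fixed_in": "2.17.1"},
    {"id": "ADV-EXAMPLE-0002",
     "package": "pkg:pypi/httpclientlib", "fixed_in": "2.20.0"},
    {"id": "ADV-EXAMPLE-0003",
     "package": "pkg:maven/com.example.acme/acme-json", "fixed_in": "2.13.0"},
]


def parse_version(version):
    """Turn '2.14.1' into (2, 14, 1) for comparison. Simplified: numeric
    dotted versions only; real tooling handles ecosystem-specific schemes."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def split_purl(purl):
    """Split a package URL into (package identity, version)."""
    package, _, version = purl.partition("@")
    return package, version


def load_components(sbom_json):
    """Return the component list from a CycloneDX-style JSON document."""
    return json.loads(sbom_json).get("components", [])


def unidentified_components(components):
    """Components without a purl cannot be matched against any advisory feed;
    an SBOM that lists them is an inventory with blind spots."""
    return [c["name"] for c in components if not c.get("purl")]


def find_affected(components, advisories):
    """Match each identifiable component against the advisory list and
    report those whose version predates the fix."""
    by_package = {}
    for adv in advisories:
        by_package.setdefault(adv["package"], []).append(adv)
    hits = []
    for comp in components:
        purl = comp.get("purl")
        if not purl:
            continue
        package, version = split_purl(purl)
        for adv in by_package.get(package, []):
            if parse_version(version) < parse_version(adv["fixed_in"]):
                hits.append({"component": comp["name"], "version": version,
                             "advisory": adv["id"], "fixed_in": adv["fixed_in"]})
    return hits


if __name__ == "__main__":
    comps = load_components(SBOM_JSON)
    for name in unidentified_components(comps):
        print(f"no package identifier for {name}; cannot track vulnerabilities")
    for hit in find_affected(comps, ADVISORIES):
        print(f"{hit['component']} {hit['version']} affected by {hit['advisory']} "
              f"(fixed in {hit['fixed_in']})")
```

The fourth component, which has a name but no package identifier, is the case worth watching for in real SBOMs: it is "in there", but nothing downstream can tie it to an advisory, so the tracking Mishra describes silently stops at that entry.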
In this video interview conducted at Information Security Media Group's Bengaluru Cybersecurity Summit, Mishra also discussed:
- Global regulations for SBOMs;
- Implementation challenges in software development;
- The way ahead for application security.
Mishra has more than two decades of experience in the architecture, design, development and security of systems. She was instrumental in setting up the Security Center of Excellence at Philips.