During the CyberSenate’s online 2021 ICS summit, Eric Byres, Bryan Owen, Chris Blask, and Verve’s Ron Brash discussed several cyber security risks posed within the supply chain and an emerging solution/approach to manage some of those security shortfalls.
Among the topics explored were:
- Where and how Software Bills of Materials (SBoMs) will be used and how context is needed
- The challenges in deriving bills of materials when software code and final products are different
- The benefits of attestation when creating products, and of integrating enriched information into security products to help asset owners rather than adding overhead
Of course, not every SBoM, supply chain, third-party risk, and related cyber security question could be answered in a single hour-long session. Instead, the panel reiterated that SBoM usage is inevitable and nuanced, and that it needs to be included comprehensively by vendors, integrators, and asset owners alike. To hear the play-by-play, watch the entire discussion: