SBOM the Good, the Bad, and the Ugly (A31a)
Over the past two years, we have seen numerous failings of products due to issues within their software supply chain. Unfortunately, supply chains have become a key attack vector. Supply chain attacks have resulted in a U.S. Presidential Executive Order, a GAO mandate, and even subsequent Software Bill of Material (SBoM) initiatives. While SBoMs have been around for some time, not everyone uses them to prevent supply chain issues. The new SBoM initiatives may help with that, but all good things can be abused. Ultimately time will tell if they will be the great panacea that everyone needs or a disaster. This session will cover the current state of the SBoM and various initiatives. It will also demonstrate the solutions that may be needed if we are to survive the SBoMs.