Tom Alrich On All Things SBOM

Tom Alrich dives deep on the items he works and writes about. For a long time it was NERC CIP, and he recently added SBOMs to his repertoire. We go deep and I think the business model portion may be the best and most accessible part of the episode. 1:21 The 2 main SBOM formats. There differences and what will win. 12:30 VEX ... identifying what vulnerabilities in the SBOM are exploitable 24:00 What EO 14028 will require the USG to do with SBOMs in August 34:00 Who and how SBOMs will be provided and used. Business models. Links Tom Alrich's Blog Tom's Who Should Be Responsible article Subscribe to Dale's ICS Security - Friday News & Notes