"Once we get to a state where software is being developed securely, I think overall it's going to result in less toil and less work for [security teams] because the tools will just be updated to do all this stuff automatically for folks," explains Dan Lorenc. Read more about Dan's thoughts, some spicy ( 🌶 ), on software supply chain policy, SBOMs, and OSS in CSO Online. (link in comments)
It's beyond silly that the concept of SBOM is even needed. It's such an obvious and foundational need, having an entire product company (and there are many, 50+ by my count in 2022) built around the concept is nuts. It's just inventory. But that is where we are today, and until it becomes truly mainstream we have to deal with this madness.
I wasn't that spicy!
The people (AKA me) want more spicy. Thanks for sharing! #WeHateSBOMs, but not really; maybe a little. Sad & grateful for what the SBOM has done to spread awareness about supply chain security.
Vice President Marketing at Chainguard | Cybersecurity Communications Leader | MBA
https://www.csoonline.com/article/2515198/software-supply-chain-still-dangerous-despite-new-protections.html