The Various Shades of Supply Chain: SBOM, N-Days and Zero Trust

Over the past two years, attacks on multiple targets in the semiconductor industry have consistently led to leaks of firmware source code. A compromised developer device could potentially give an attacker access to the source code repository, adding a major gap in the security of the software supply chain. There are multiple policies in place to improve transparency in the firmware supply chain in general, but implementing and adopting them will take years. The technology industry is in the midst of active discussions about the use of “software bill of materials” (SBOMs) to address supply chain security risks. In order to implement supply chain security practices, there must be better transparency on software dependencies...

By: Richard Hughes, Alex Matrosov, Kai Michaelis

Full Abstract and Presentation Materials: #the-various-shades-of-supply-chain-sbom-n-days-and-zero-trust-31253