Dale Peterson talks with Matt Wyckhouse, Founder and CEO, of
Finite State about where the SBOM products and market is today and
where it will go in the future. This discussion was informed by the
SBOM Challenge at S4x23.
Who is the primary buyer of SBOM products and services today?
(Hint: Matt thinks that 80% of the code in a product is third
How accurate are the products, and the Finite State product in
particular, in creating a SBOM?
How much is the value of a SBOM degraded if it is not perfect?
If it is missing software or has inaccuracies?
Are the offerings now a product? A semi-custom service that
uses a developed product? (with an apt comparison to the detection
What will the US Government do with all these SBOMs if they
actually get them? If they get an exponential increase in software
inventory and the patching and cyber maintenance burden.
Will there be a separate/distinct OT SBOM market? Will there be
a SBOM market in the long run or will it get subsumed in some sort
of asset management market?
Early thoughts on the SBOM marketplace (a place to collect and
distribute and respond to queries on SBOMs)
Where is the industry / products now on VEX?
Do configuration files belong in a SBOM?
Surprise data points from the SBOM Challenge
About the Podcast
Dale Peterson interviews guests who are pushing and prodding the ICS community to improve cyber security, as well as those in related fields with innovative ideas the ICS community should consider. Dale began his career as a NSA Cryptanalyst, has been securing ICS for over 20 years. He is the founder and program chair of the S4 Conference.