Mar 29, 2023
Dale Peterson talks with Matt Wyckhouse, Founder and CEO of
Finite State, about where SBOM products and the market are today and
where they will go in the future. This discussion was informed by the
SBOM Challenge at S4x23.
- Who is the primary buyer of SBOM products and services today?
(Hint: Matt thinks that 80% of the code in a product is third
- How accurate are the products, and the Finite State product in
particular, in creating a SBOM?
- How much is the value of a SBOM degraded if it is not perfect?
If it is missing software or has inaccuracies?
- Are the offerings now a product? A semi-custom service that
uses a developed product? (with an apt comparison to the detection
- What will the US Government do with all these SBOMs if they
actually get them? If they get an exponential increase in software
inventory and the patching and cyber maintenance burden?
- Will there be a separate/distinct OT SBOM market? Will there be
a SBOM market in the long run or will it get subsumed in some sort
of asset management market?
- Early thoughts on the SBOM marketplace (a place to collect and
distribute and respond to queries on SBOMs)
- Where is the industry / products now on VEX?
- Do configuration files belong in a SBOM?
- Surprise data points from the SBOM Challenge