Preview Mode Links will not work in preview mode

Unsolicited Response Podcast


Feb 9, 2022

Tom Alrich dives deep on the items he works and writes about. For a long time it was NERC CIP, and he recently added SBOMs to his repertoire. We go deep and I think the business model portion may be the best and most accessible part of the episode.

1:21 The 2 main SBOM formats. There differences and what will win.

12:30 VEX ... identifying what vulnerabilities in the SBOM are exploitable

24:00 What EO 14028 will require the USG to do with SBOMs in August

34:00 Who and how SBOMs will be provided and used. Business models.

Links

Tom Alrich's Blog

Tom's Who Should Be Responsible article

Subscribe to Dale's ICS Security - Friday News & Notes