Feb 9, 2022
Tom Alrich dives deep on the items he works and writes about. For a long time it was NERC CIP, and he recently added SBOMs to his repertoire. We go deep and I think the business model portion may be the best and most accessible part of the episode.
1:21 The 2 main SBOM formats. There differences and what will win.
12:30 VEX ... identifying what vulnerabilities in the SBOM are exploitable
24:00 What EO 14028 will require the USG to do with SBOMs in August
34:00 Who and how SBOMs will be provided and used. Business models.
Links