Especially in recent years, several attacks on the software supply chain, like the SolarWinds attack or the ongoing Log4j vulnerability, made it clear that our complex software ecosystems are hard to understand and even harder to keep secure. The software bill of material aims at solving this problem. In this episode, Barak Brudo explains what a software bill of material is and why they are important for security and to reduce vulnerabilities. I also question if we are ever going to be able to reach a state where SBOMs are part of every software or library.

We also talk about:

- security and software regulations like the software bill of materials

- software license poisoning

- what to do when you face a security breach

- human engineering attacks like 2FA fatigue