Sign up to save your podcasts
Or
Share The OT SBOM Market
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The OT SBOM Market
Dale Peterson talks with Matt Wyckhouse, Founder and CEO, of Finite State about where the SBOM products and market is today and where it will go in the future. This discussion was informed by the SBOM Challenge at S4x23.
- Who is the primary buyer of SBOM products and services today? (Hint: Matt thinks that 80% of the code in a product is third party)
- How accurate are the products, and the Finite State product in particular, in creating a SBOM?
- How much is the value of a SBOM degraded if it is not perfect? If it is missing software or has inaccuracies?
- Are the offerings now a product? A semi-custom service that uses a developed product? (with an apt comparison to the detection market)
- What will the US Government do with all these SBOMs if they actually get them? If they get an exponential increase in software inventory and the patching and cyber maintenance burden.
- Will there be a separate/distinct OT SBOM market? Will there be a SBOM market in the long run or will it get subsumed in some sort of asset management market?
- Early thoughts on the SBOM marketplace (a place to collect and distribute and respond to queries on SBOMs)
- Where is the industry / products now on VEX?
- Do configuration files belong in a SBOM?
- Surprise data points from the SBOM Challenge
View all episodes
By Dale Peterson: ICS Security Catalyst and S4 Conference Chair
4.9
1414 ratings
Dale Peterson talks with Matt Wyckhouse, Founder and CEO, of Finite State about where the SBOM products and market is today and where it will go in the future. This discussion was informed by the SBOM Challenge at S4x23.
- Who is the primary buyer of SBOM products and services today? (Hint: Matt thinks that 80% of the code in a product is third party)
- How accurate are the products, and the Finite State product in particular, in creating a SBOM?
- How much is the value of a SBOM degraded if it is not perfect? If it is missing software or has inaccuracies?
- Are the offerings now a product? A semi-custom service that uses a developed product? (with an apt comparison to the detection market)
- What will the US Government do with all these SBOMs if they actually get them? If they get an exponential increase in software inventory and the patching and cyber maintenance burden.
- Will there be a separate/distinct OT SBOM market? Will there be a SBOM market in the long run or will it get subsumed in some sort of asset management market?
- Early thoughts on the SBOM marketplace (a place to collect and distribute and respond to queries on SBOMs)
- Where is the industry / products now on VEX?
- Do configuration files belong in a SBOM?
- Surprise data points from the SBOM Challenge
More shows like Unsolicited Response
View all
Security Now (Audio)
1,986 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
639 Listeners
The Bill Simmons Podcast
29,985 Listeners
The Ben Shapiro Show
153,262 Listeners
CyberWire Daily
1,018 Listeners
The Defender's Advantage Podcast
31 Listeners
Click Here
405 Listeners
Darknet Diaries
7,951 Listeners
Cybersecurity Today
173 Listeners
The Industrial Security Podcast
21 Listeners
Defense in Depth
77 Listeners
@BEERISAC: OT/ICS Security Podcast Playlist
7 Listeners
Nexus: A Claroty Podcast
17 Listeners
Risky Bulletin
43 Listeners
PrOTect It All
7 Listeners