Sign up to save your podcasts
Or
Share The OT SBOM Market
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
The OT SBOM Market
Dale Peterson talks with Matt Wyckhouse, Founder and CEO, of Finite State about where the SBOM products and market is today and where it will go in the future. This discussion was informed by the SBOM Challenge at S4x23.
- Who is the primary buyer of SBOM products and services today? (Hint: Matt thinks that 80% of the code in a product is third party)
- How accurate are the products, and the Finite State product in particular, in creating a SBOM?
- How much is the value of a SBOM degraded if it is not perfect? If it is missing software or has inaccuracies?
- Are the offerings now a product? A semi-custom service that uses a developed product? (with an apt comparison to the detection market)
- What will the US Government do with all these SBOMs if they actually get them? If they get an exponential increase in software inventory and the patching and cyber maintenance burden.
- Will there be a separate/distinct OT SBOM market? Will there be a SBOM market in the long run or will it get subsumed in some sort of asset management market?
- Early thoughts on the SBOM marketplace (a place to collect and distribute and respond to queries on SBOMs)
- Where is the industry / products now on VEX?
- Do configuration files belong in a SBOM?
- Surprise data points from the SBOM Challenge
View all episodes
By Dale Peterson: ICS Security Catalyst and S4 Conference Chair
4.9
1414 ratings
Dale Peterson talks with Matt Wyckhouse, Founder and CEO, of Finite State about where the SBOM products and market is today and where it will go in the future. This discussion was informed by the SBOM Challenge at S4x23.
- Who is the primary buyer of SBOM products and services today? (Hint: Matt thinks that 80% of the code in a product is third party)
- How accurate are the products, and the Finite State product in particular, in creating a SBOM?
- How much is the value of a SBOM degraded if it is not perfect? If it is missing software or has inaccuracies?
- Are the offerings now a product? A semi-custom service that uses a developed product? (with an apt comparison to the detection market)
- What will the US Government do with all these SBOMs if they actually get them? If they get an exponential increase in software inventory and the patching and cyber maintenance burden.
- Will there be a separate/distinct OT SBOM market? Will there be a SBOM market in the long run or will it get subsumed in some sort of asset management market?
- Early thoughts on the SBOM marketplace (a place to collect and distribute and respond to queries on SBOMs)
- Where is the industry / products now on VEX?
- Do configuration files belong in a SBOM?
- Surprise data points from the SBOM Challenge
More shows like Unsolicited Response
View all
Security Now (Audio)
1,966 Listeners
Risky Business
359 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Hacked
180 Listeners
CyberWire Daily
1,014 Listeners
Click Here
394 Listeners
Darknet Diaries
7,849 Listeners
Cybersecurity Today
167 Listeners
The Industrial Security Podcast
20 Listeners
@BEERISAC: OT/ICS Security Podcast Playlist
7 Listeners
Cyber Security Headlines
117 Listeners
(CS)²AI Podcast Show: Control System Cyber Security
2 Listeners
Ukraine: The Latest
1,753 Listeners
Det Store Bildet
10 Listeners
Risky Bulletin
33 Listeners