In my December 2023 talk at BSides London, I dived into the intricate world of Software Bill of Materials (SBoMs) and their critical role in supply chain security. We examined the practical uses of SBoMs, their limitations, and the importance of critical evaluation when vendors propose comprehensive solutions. This session was not just a theoretical exploration but a practical guide to understanding and leveraging SBoMs in enhancing IT security and managing software inventories effectively.
SBoMs, as I emphasised, are pivotal in the journey towards robust software supply chain security, yet they are not the ultimate solution. The presentation highlighted the complexities involved in achieving a ‘secure by default’ status in our software supply chains. My aim was to provide clarity on the significance of SBoMs and their position within the broader context of IT security and supply chain management, sparking a conversation about the future steps needed in this evolving field.