Tech Session: The Supply Chain of Problems: SBOM, N-Days and Zero TrustOver the past two years, attacks on multiple targets in the semiconductor industry have consistently led to leaks of firmware source code. A compromised developer device could potentially give an attacker access to the source code repository, adding a major gap in the security of the software supply chain. There are multiple policies in place to improve transparency in the firmware supply chain in general, but implementing and adopting them will take years. The technology industry is in the midst of active discussions about the use of "software bill of materials" (SBOMs) to address supply chain security risks.
In order to implement supply chain security practices, there must be better transparency on software dependencies. Previously, any piece of software shipped as black-box without providing any information related to software dependencies and third-party components. Firmware has largely been looked at in the same way. This talk focused to discuss various shades of the supply chain problems.Zero Trust Summit