S4 SBOM Challenge
Based on VC funding, the next hot OT security product segment endeavors to secure the OT software and firmware supply chain. A big part of this involves Software Bills of Material (SBOMs). These products purport to have the ability to enumerate all of the components in a software or firmware product, AND to be able to distribute them in a way that makes it simple for asset owners to use.
The SBOM Challenge will test competitors in three tasks:
- Create an accurate SBOM
- Identify known vulnerabilities in the components in the SBOM
- Read in and apply vulnerability applicability data feeds (VEX and possibly others)
Attendees will be able to see how the vendors present similar information to the users, and what recommendations their analysis engines present to an asset owner.
Attendees will also be able to view the “other” items identified by these products. Many of these solutions claim they identify security issues beyond just missing patches. We will see.
Up to six companies will compete in the S4 SBOM Challenge. All will be present in the SBOM Pavilion. This will make it easy for attendees to see an apples to apples comparison and determine which product(s) they consider to be Top Tier.
Challenge Creators And Judges
We needed to find a qualified, respected and independent group to run the S4 SBOM Challenge. We are thrilled that Idaho National Laboratory (INL) has stepped up and agreed to run the Challenge. They will be providing more details to competitors in September / October.