Government and industry have been working on and pushing a software bill of materials (SBOM). It is an easy concept to understand, as is the potential value of an SBOM. After briefly describing an SBOM, this session focuses on what ICS vendors and asset owners would actually do if SBOMs existed.
Do we expect asset owners to track all vulnerabilities of all software and firmware in their ICS? Will they place this responsibility on the vendors? Will vendors track and process this at no charge? Does an SBOM become public?
Allen Friedman will discuss the issue with an asset owner and an ICS vendor.