Intermediate

Security Hot Takes: SBOMs

security · hot · takes · sboms · threat · intel · networking · systems · sbom · bills · materials · concept · debate · mandate · software.

This briefing captures a candid, debate-style discussion between two security practitioners about Software Bills of Materials (SBOMs) — what they are, why regulators are pushing them, whether the industry effort they demand is actually paying off, and what might come next in the broader "bill of materials" family of supply-chain transparency concepts.

The SBOM concept is modeled directly on the traditional manufacturing bill of materials (BOM). In physical manufacturing, a BOM is a structured list of every component, sub-component, and part required to build a product.

The classic analogy used to introduce the concept: consider a car. As part of that car, there is a steering wheel and an airbag. For that airbag to function correctly, there is an ignition switch as one of its components. If a defect is found in that switch — or in any other component — the manufacturer can issue a recall targeted at exactly the vehicles that contain the defective part, because the BOM tells them precisely which units include it.

Sign in to read this course

A free account unlocks all 514 courses. 20 are readable without one.

What's inside

3 sections
  1. 1 Table of Contents
  2. 2 Module 1: Software Bills of Materials — Concept, Mandate, and Practitioner Debate
  3. 3 Summary

More Security Hot Takes & Threat Intel courses

View all 21

Hot Takes: Inside a Microsoft Ransomware Attack

The Marks & Spencer incident is a textbook example of how modern ransomware operations succeed by targeting identity infrastructure and virtualization hosts rather than individual endpoin...

Intermediate

IT Security Champion: Cyber Threat Intel and Emerging Threats

Security is everyone's job — not solely the responsibility of the security department. Adopting a security culture and a security mindset is the foundation of being an effective IT securi...

Intermediate

Security Hot Takes: The LastPass Breach

The LastPass breach is actually two distinct but connected security incidents, separated by several months, with confusing and inconsistent public communication from the company throughou...

Intermediate

Sandworm: Application Layer Protocol and Web Emulation

Command and control is the connective tissue of nearly every intrusion that progresses beyond initial access — without it, an attacker cannot issue commands, move laterally, or exfiltrate...

Advanced

Security Hot Takes: The Aliquippa Water Breach

The Aliquippa Water Authority breach is a case study in how a basic, avoidable systems-integration failure — not a sophisticated exploit — can expose critical infrastructure to compromise...

Intermediate

Security Hot Takes: Are You Pen Testing AI Apps?

AI applications are not "just another web app," and treating them that way leaves organizations blind to an entire class of risk. Historical precedent — such as attackers reverse engineer...

Intermediate

Interested in this course?

Contact us to book it or get a custom training plan for your team.