The recent executive order requiring SBOMs (Software Bill of Materials) of those supplying software to the federal government has been instrumental in advancing the conversation around software supply chain security – but SBOMs are just the tip of the iceberg, and quite possibly, not even the most interesting or promising part.

Cisco distinguished engineer Ed Warnicke and Cisco technical marketing engineer Michael Chenetz were joined by Aeva Black, OmniBor Project – Microsoft, Brandon Lum, Guac and Google, Dan Lorenc, Wolfi/Chainguard, and Cole Kennedy, TestifySec. Topics included:

• Software supply chain mistakes of the mid-2000s that are being replicated in a cloud-native world
• The difficulty of establishing a single source of truth for a software supply chain.
• The (bright!) future for software supply chain security, including promising advances from projects such as in-toto and OmniBOR.

Outshift is Cisco’s incubation engine, innovating what's next and new for Cisco products and sharing our expertise on emerging technologies. Discover the latest on cloud native applications, cloud application security, generative AI, quantum networking and security, future-forward tech research, our latest open source projects and more.

Keep up with the speed of innovation:
→ Learn more: http://cs.co/6050psmui
→ Read our blog: http://cs.co/6051psmuc

Connect with us on social media:
→ LinkedIn: http://cs.co/6052psmuY
→ Twitter / X: http://cs.co/6053psmul
→ Subscribe to our YouTube channel: http://cs.co/6054psmum