Reply to post: Misdirection???....you know....."Someone Is Doing Something, so please stop worrying"!!!

SBOM is a 'massive galaxy of mess' for supply chain security

Anonymous Coward

Misdirection???....you know....."Someone Is Doing Something, so please stop worrying"!!!

Is a "software bill-of-materials" (SBOM) really going to help, say:

(1) When some software vendor (maybe a compiler vendor) is pretty keen on the "Ken Thompson" hack?

(2) When the ONLY way some of the hardware in a Linux box can be used is by loading a binary "blob" from the hardware originator?

(3) When you ask (for example) Cisco Systems for the SBOM(s) of all the software on the latest and greatest version of IOS? (Clue: many of the software items might be secret!!)

(4) ....and so on...

Oh....and I forgot to mention that neural networks (so-called AI implementations) are VERY poor at explaining their conclusions.....and even worse when they "learn as they go"!! Good luck auditing the software....by the time it's been running for a few seconds, the audit horse is miles out of the barn!

Ref: https://dl.acm.org/doi/pdf/10.1145/358198.358210

Ref: https://www.schneier.com/blog/archives/2006/01/countering_trus.html
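The two references above are Thompson's "Reflections on Trusting Trust" and Schneier's write-up of Wheeler's diverse double-compiling (DDC) countermeasure. As an added illustration (not part of the post, and not real tooling), the toy below models point (1): a compiler binary that plants a backdoor in a login program and re-inserts itself whenever it compiles a compiler from clean source, so a source-level SBOM hash says everything is fine while the rebuilt binary is still trojaned. The DDC check at the end is the one Schneier's post describes. The "toy-compiler" component name, the "hunter2" password and the "letmein" backdoor are all constructed for the example; a "binary" here is just Python text run with exec().

```python
import hashlib

# Toy model of Thompson's "trusting trust" attack. A "binary" is Python
# source text run with exec(); the clean toy compiler is the identity
# translation. All names and passwords below are constructed for illustration.
CLEAN_COMPILER_SRC = """\
def compile(src):
    return src
"""

LOGIN_SRC = """\
STORED = "hunter2"
def check_password(password):
    return password == STORED
"""

# The trojan exists only in the compiler *binary*. Compiling the login
# program plants a backdoor; compiling a compiler appends a prologue that
# defines PAYLOAD_SRC plus this body, so the trojan survives a rebuild
# from clean source (quine-style self-reproduction).
TROJAN_BODY = """\
def _trojan(src):
    out = src
    if "def check_password" in src:
        out = out.replace("return password == STORED",
                          'return password == STORED or password == "letmein"')
    if "def compile(" in src and "_trojan" not in src:
        out = out + "\\nPAYLOAD_SRC = " + repr(PAYLOAD_SRC) + "\\n" + PAYLOAD_SRC
    return out
_clean_compile = compile
def compile(src):
    return _trojan(_clean_compile(src))
"""

# Generation 0: the binary someone once hand-patched (constructed here).
TROJANED_COMPILER_BIN = (CLEAN_COMPILER_SRC + "\nPAYLOAD_SRC = "
                         + repr(TROJAN_BODY) + "\n" + TROJAN_BODY)

def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()

# The SBOM records what was *supposed* to be built: the clean source hash.
SBOM = {"toy-compiler": {"source_sha256": sha256(CLEAN_COMPILER_SRC)}}

def sbom_source_matches(component, src):
    return SBOM[component]["source_sha256"] == sha256(src)

def load_compiler(compiler_bin):
    ns = {}
    exec(compiler_bin, ns)
    return ns["compile"]

def build_login(compiler_bin):
    return load_compiler(compiler_bin)(LOGIN_SRC)

def login_accepts(login_bin, password):
    ns = {}
    exec(login_bin, ns)
    return ns["check_password"](password)

def rebuild_compiler(compiler_bin, compiler_src=CLEAN_COMPILER_SRC):
    # Rebuild the compiler from (clean) source with the given binary.
    return load_compiler(compiler_bin)(compiler_src)

def ddc_matches(suspect_bin, trusted_bin, compiler_src):
    # Wheeler's diverse double-compiling: build the compiler source with an
    # independent trusted compiler, use that result to build it again, and
    # compare with what the suspect compiler produces from the same source.
    # A self-reproducing trojan shows up as a hash mismatch.
    stage1 = load_compiler(trusted_bin)(compiler_src)
    stage2 = load_compiler(stage1)(compiler_src)
    return sha256(stage2) == sha256(load_compiler(suspect_bin)(compiler_src))

if __name__ == "__main__":
    gen2 = rebuild_compiler(TROJANED_COMPILER_BIN)
    print("source matches SBOM:", sbom_source_matches("toy-compiler", CLEAN_COMPILER_SRC))
    print("rebuilt compiler still trojaned:", gen2 == TROJANED_COMPILER_BIN)
    print("backdoor works in rebuilt login:", login_accepts(build_login(gen2), "letmein"))
    print("DDC with independent compiler detects it:",
          not ddc_matches(TROJANED_COMPILER_BIN, CLEAN_COMPILER_SRC, CLEAN_COMPILER_SRC))
```

The point of the toy is the contrast between `sbom_source_matches`, which stays true however many times the compiler is rebuilt, and `ddc_matches`, which only helps if the second compiler really is independent of the first; if both share the same trojaned ancestor the comparison passes and proves nothing.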
