
SBOM is a 'massive galaxy of mess' for supply chain security

Anonymous Coward

SBOM = Pass the buck

The problem I see with the SBOM is the end user/customer is then expected to manage the risk around it, but that should be the job of the company who decided to adopt X registry, not the end user.

We buy cars; we aren't expected to deal with the quality of the rubber going into the tyres. IT products should be the same: it's a supply chain responsibility, with each link along that chain responsible for its step.

There should be legal ramifications for those not doing so, rather than simply lumping the entire responsibility on the end user as Talos seem to expect. Not every company has "their own people" who can contribute to code even if they have an SBOM, which is fantastically unlikely at best.
