So, What the Heck Are You Supposed to Do with an SBOM? with Dr. George Shea, Chief Technologist at the Foundation for Defense of Democracies

Written By Ryan Owen

On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald interviews Dr. George Shea, the Chief Technologist of the Transformative Cyber Innovation Lab (also known as the TCIL or the Lab) of the Foundation for Defense of Democracies (FDD), a nonprofit, nonpartisan 501(c)(3) research institute that concentrates on foreign policy and national security. George is also a member of the Operational Resilience Framework (ORF) Task Force, Cybersecurity Canon, and a contributor at The CyberWire


Together, Eric and George examine the continuous visibility that SBOM brings to software supply chains, the push for SBOM's adoption and use, and the thorny questions that enterprises face when they adopt this critical tool. 


Interview with Dr. George Shea 

 

Dr. George Shea, Chief Technologist at FDD, has made vast contributions in SBOM research and thought leadership and to the wider discussion of how to advance cybersecurity. Prior to joining FDD, George served as a Chief Engineer at MITRE, leading initiatives to improve the technical integrity and quality of the products and deliverables of the IT services and consulting leader. She holds a Doctor of Computer Science degree from Colorado Technical University and an MS in Computer and Information Sciences and Support Services from Regis University. 


In this episode, Eric and George discuss:

  • How the SBOM offers critical visibility into the supply chain vulnerabilities of existing software deployments

  • The source of the push for SBOM's adoption and use: government or private sector? 

  • Regulators' slow walk toward requiring SBOM as a cybersecurity practice

  • The thorny questions that come with adopting SBOM: how to generate, deploy, and use an SBOM

  • Critical next-step SBOM considerations such as formats, required fields, ensuring its reporting integrity, and building a mechanism to follow through on its results


Find George on LinkedIn:

Dr. George Shea: https://www.linkedin.com/in/drgeorgeshea/

 

Learn more about the Foundation for Defense of Democracies (FDD): https://www.linkedin.com/company/foundation-for-defense-of-democracies/


To see Dr. Shea's Working Draft of the SBOM Lifecycle and Landscape and the SBOM Use Case with RMF that she references on this episode, please see this link


Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.

 

If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.

 

To learn more about building a robust product security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/

Ryan Owen
Previous

The SBOM Challenge: Wait ... there was a contest? Who won?? with Matt Wyckhouse, Founder & CEO of Finite State
Next

What's Going on with ICS Security, and What's SBOM Got to Do with It? with Dale Peterson, ICS Security Catalyst and Founder of S4 Events