What's in my sBoM and hBoM? (A01a)
We are increasingly dependent on Open Source Software and COTS components to build trusted security systems. This talk will explore the challenges of assuring the supply chain, offering the perspective of a vendor of cryptographic processors (HSMs), which are often regarded as the root of trust for security systems. The speaker will try to identify the challenges we face in today’s climate, where we are influenced by socio-economic factors, chip shortages, and ever more determined threat actors. The speaker will discuss some mitigation approaches and seek a standard certifiable approach to assurance.