This article is more than 1 year old

SBOM is a 'massive galaxy of mess' for supply chain security

Talos team warns on third-party threats, but will it work? Betteridge's Law may apply

SCSW Supply chain attacks are a serious problem – yet they're long-term operations, and that gives canny admins a chance to nip them in the bud. Always remember to check the Software Bill of Materials (SBOM), and never drop your guard.

"Supply chain attacks take a long time. It's not something that you can cook up very quickly," Nick Biasini, global lead at Cisco Talos outreach, told The Register. "I have no doubt that there are many attempts to build supply chain attacks. For every successful SolarWinds breach there are probably tens of others that get caught or blocked."

That said, things have become a lot riskier of late, in part due to Russia's bloody invasion of Ukraine. Biasini said he had no doubt that Russian adversaries are in active attack mode – but getting a successful hack takes time and delicacy.

After years on the job he gives some tips on how to avoid the next attack for The Register's Supply Chain Security Week – check it all out in the video above. ®

More about


Send us news

Other stories you might like