What Could Possibly Go Wrong?

The famous last words of Florida Man throughout history. The final stand of active theorists immediately before each narrative fork. These words ring an ancient bell in the backs of our minds as our earliest ancestors recall Bloody Stupid Ug and their bright idea to bring fire into the cave. What could possibly go wrong?

I'm sure that will hold.

Ventilation, Ug. We needed to invent ventilation, first, Ug.

As we look at the looming wave of Good Intentions and Really Bright Ideas associated with software supply chain security, there are good reasons we find ourselves scanning for handy escape paths. Just in case. Many a fine idea that did in fact turn out helpful in the end also exposed unknown failure states in associated systems. Like breathing.

Companies exist because it is possible to predict the cost of doing something within a known range of certainty. Increasing that certainty increases the productivity and profitability of a company; reducing certainty about costs reduces productivity and profitability. Companies across virtually all sectors are today eyeing with understandable uncertainty these newfangled Software Bills of Materials and the other software supply chain artifacts still in the process of being invented.

There are certainly things to do for most parties to get to the promised future where we will know where the software we use comes from. Hopefully for most companies this will be a small step buried in existing procurement and legal processes and largely go unnoticed. For many firms it will fit inside of ongoing retooling and have most of its impact on operational systems. In some cases it will bring strategic shifts that create risks and opportunities that executive teams may be well served to pay quite a bit of attention to.

What could possibly go wrong? The policies implemented by key players like the US federal government and associated private entities could get bogged down in academic or bureaucratic mire. The standards, methods and tools used could make early efforts more or less successful. It could take longer to realize benefits; there could be additional, as yet unforeseen, work to be undertaken; we could be missing something.

The words have been said, though. Even those of us who said it harbor our own concerns as we march forward to show the startled onlookers how well this will work. But we said it, so we can’t stop now. We are all going to find out one way or another, and the only thing absolutely certain is there will be some great clips to share on social media.

What could possibly go wrong?
