Why is everyone talking about
SBOMs all of a sudden? Why does this matter to a typical security
Some software vendors don’t want
SBOM, and this reminds us of the food safety rules debates in the
past, how does this analogy work here?
One interesting challenge in the
world of SBOMs and unintended consequences is that large well
resourced organizations may be better equipped to produce SBOMs
than small independent and open source projects. Is that a
Is the SBOM requirement setting
the government up to be overly reliant on megacorps and are we
going to unintentionally ban open source from the
What is the relationship between
SBOM and software liability? Is SBOM a step to this? Won’t software
liability kill open source?
How does Google prepare for
EO internally; how do we use SBOM and other related tools?
To come back to the food analogy,
SBOMs are all well and good, but the goal is not that consumers
know they’re eating lead, but rather that our food becomes
healthier. Where are we heading in the next five years to improve
software supply chain "health and
Cloud Security Podcast by Google focuses on security in the cloud, delivering security from the cloud, and all things at the intersection of security and cloud. Of course, we will also cover what we are doing in Google Cloud to help keep our users' data safe and workloads secure.
We’re going to do our best to avoid security theater, and cut to the heart of real security questions and issues. Expect us to question threat models and ask if something is done for the data subject’s benefit or just for organizational benefit.
We hope you’ll join us if you’re interested in where technology overlaps with process and bumps up against organizational design. We’re hoping to attract listeners who are happy to hear conventional wisdom questioned, and who are curious about what lessons we can and can’t keep as the world moves from on-premises computing to cloud computing.