Stirring the SBOM Soup with FIPS (E11b)
If successful, the recent xz Utils backdoor to SSH could have overshadowed the impact of the SolarWinds event in 2020. Unlike the SolarWinds event, this vulnerability had the potential to impact both enterprise and embedded systems/IoT devices worldwide. While the investigation is ongoing, many lessons remain to be learned, and questions remain unanswered. This talk will discuss the event’s anatomy, the role of EO 14028 and Security of Software Supply Chains, the potential benefits of an SBOM, and how FIPS could be applied to SBOM and SOUP.