Below the Surface (Audio) - The Supply Chain Security Podcast
SBOMs, HBOMs, and Supply Chain Visibility - BTS #50

Update: 2025-05-15

Description

Summary

In this episode, Paul Asadoorian and Joshua Marpet delve into the complexities of compliance, inventory management, and the emerging concepts of SBOMs, HBOMs, and FBOMs (software and hardware bills of materials, and no, not that FBOM). They discuss why it matters to know the components and origins of the hardware and software an organization runs, the challenges of managing technology lifecycles, and the need for clear standards and regulations in the tech industry. The conversation emphasizes the critical role of asset inventories in maintaining security and compliance in an ever-evolving technological landscape.

In the second half of the conversation, Joshua Marpet and Paul Asadoorian turn to hardware security, the cultural shifts needed in security practices, and the importance of transparency in software and firmware management. They discuss the challenges posed by hardware backdoors, the necessity of Software Bills of Materials (SBOMs), and the hidden risks associated with firmware updates. The dialogue emphasizes the need for a cultural change in how organizations approach security and compliance, advocating for continuous management and transparency to inspire confidence in security practices.

Chapters

00:00 Introduction and Technical Challenges
02:02 Exploring Compliance and Frameworks
05:06 Understanding SBOMs, HBOMs, and FBOMs
10:10 The Importance of Inventory and Asset Management
15:01 Navigating Hardware and Software Lifecycle
19:58 Standards and Regulations in Technology
23:56 The Manchurian Microchip and Hardware Backdoors
27:44 Cultural Change in Security Practices
30:47 The Importance of Transparency and SBOMs
36:39 Challenges in Compliance and Risk Management
42:42 The Hidden Risks of Firmware and Hardware Updates

Paul Asadoorian