Allan is @allanfriedman on bsky & infosec.exchange

In past 15 yrs, I've seen lots of tech folks work on policy, & policy ppl tackle tech. Best predictor of interdisciplinary success: humility

In case you missed my news elsewhere: This will be my last week at CISA. I’m sad to be leaving a great team, but very excited for some new projects. And don’t worry—I’ll be finding ways to help out with #SBOM! meritalk.com/articles/cisa-…

@ITGRC If you’re looking for more discussions around SBOM and related supply chain issues, happy to chat!

SBOM 101: Understand, Implement & Leverage SBOMs for Stronger Security & Risk Management get.anchore.com/sbom101-guide-…

Setting up for our first ever SBOM Solutions Showcase! This Denver ballroom will be filled with 24 organizations from around the world to meet your #sbom needs, with many more listed online. cisa.gov/resources-tool…

@ShortArmSAS @LionfishCyber Nice description, and I do like the pushback on the relationship between compliance and security. It can help start things rolling and help prioritize. Thanks @EanMeyer for sharing.

We asked #podcast guest Jeremy Miller to tell us all about @LionfishCyber and what makes them awesome in the #CyberSecurity space.

Did you know @Docker has an integration for SBOM generation? $ docker sbom gitweekly/git-weekly On Docker Engine you can install it manually. github.com/docker/sbom-cl…

@ravirockks @d_jaishankar @arekfurt @ImposeCost @redunley @thegrugq @WatermanReports @VirpratapVS @DanLGolden @emmacs26 Thanks for sharing these. Something to read through while stuck in canceled flight hell on my way home from Black Hat.

cc: @d_jaishankar, @arekfurt, @ImposeCost, @redunley, @thegrugq, @WatermanReports, @allanfriedman, @VirpratapVS, @DanLGolden, @emmacs26

The far more learned than I have done excellent pieces on CrowdStrike. In my vanity, I have composed three. Each exploring one of the three limbs of how this is the case study my PhD has been waiting for. Here's the first one: what happened and why. atechnolegalupdate.medium.com/crowdstrikes-c…

Just released an exciting episode of "Nerding Out with Viktor" featuring @allanfriedman from @CISAgov! We dive into Software Bill of Materials (SBOMs) and their crucial role in cybersecurity. Don't miss this deep dive into the future of secure software! Catch the full episode on your favorite podcasting platform here: vpetersson.com/podcast/S01E16…

@daveaitel @ericgeller and ditto to attack the LLM, yes?

@ericgeller Most of what it takes to make the LLM good at this has nothing to do with the llm itself but is all about the tools around the llm...

DHS says CISA’s test of AI vulnerability detection methods (required by Biden’s AI EO) determined that “the best use of AI for vulnerability detection currently lies in supplementing and enhancing, as opposed to replacing, existing tools.” dhs.gov/news/2024/07/2…

If you are curious about what #SBOM, #SLSA and #Scorecard are, and how they inter-relate to strengthen #software #security and #trust, you should read this post from @cpswan 👇 blog.thestateofme.com/2024/07/22/sup…

@eracent Next time the team is in DC, drop a line. Happy schedule a meeting and hear from you about SW transparency.

Members of Eracent's Board of Directors and leadership team visited a hectic Washington D.C. on July 24 to meet with members of the House Homeland Security Committee. We discussed governing cyber tools, processes and people together to ensure effective protection. #SBOM #cyber

Now that a patch is available, affected grid operators must do the hard work to identify the affected RTUs running vulnerable firmware. This vulnerability highlights a need for a robust ICS SBOM solution.

Solid write up of what a maturing organization should think through for SBOM processes, from whichever vendor or tools you choose.

Got a chance to try this yesterday at a tasting. It has some fun character and complexity. A bit like fino sherry en rama versus good fino.

he wife surprised me with a picnic and what portends to be a fun summer evening in downtown DC.

The updated Software Bill of Materials (SBOM) Frequently Asked Questions (FAQ) provides information on the benefits of SBOM, common misconceptions and concerns, creation of an SBOM, distributing and sharing an SBOM, and role specific guidance. go.dhs.gov/37S

Living the “champagne lounge, steerage seats” lifestyle. Looking forward to a great week in Seoul, talking about supply chain security, OSS, and—of course—#SBOM

Some good points on the economics there. Not sure I agree with the conclusion, but more people (esp in positions like mine and my agency's) should grapple with this essay.

Sometimes, one may need a pile of lobstah.

I’m a city boy, but it really is nice to get away from time to time. Have a great week, everyone!