The famous last words of Florida Man throughout history. The final stand of active theorists immediately before each narrative fork. These words ring an ancient bell in the backs of our minds as our earliest ancestors recall Bloody Stupid Ug and their bright idea to bring fire into the cave. What could possibly go wrong?
Ventilation, Ug. We needed to invent ventilation, first, Ug.
As we look at the looming wave of Good Intentions and Really Bright Ideas associated with software supply chain security there are good reasons we find ourselves scanning for handy escape paths. Just in case. Many a fine idea that would in fact turn out helpful in the end also illustrated unknow failure states in associated systems. Like breathing.
Companies exist because it is possible to predict the cost of doing something within a known range of certainty. Increasing that certainty increases the productivity and profitability of a company, reducing certainty about costs reduces productivity and profitability. Companies across virtually all sectors are today eyeing with understandable uncertainty these new fangled Software Bills of Materials and other software supply chain artifacts in the process of being invented.
There are certainly things to do for most parties to get to the promised future where we will know where the software we use comes from. Hopefully for most companies this will be a small step buried in existing procurement and legal processes and largely go unnoticed. For many firms it will fit inside of ongoing retooling and have most of its impact on operational systems. In some cases it will bring strategic shifts that create risks and opportunities that executive teams may be well served to pay quite a bit of attention to.
What could possibly go wrong? The policies implemented by key players like the US federal government and associated private entities could get bogged down in academic or bureaucratic mire. The standards and methods and tools used could make early efforts more or less successful. It could take longer to realize benefits, there could be additional as yet unforeseen work to be undertaken, we could be missing something.
The words have been said, though. Even those of us who said it harbor our own concerns as we march forward to show the startled onlookers how well this will work. But we said it, so we can’t stop now. We are all going to find out one way or another, and the only thing absolutely certain is there will be some great clips to share on social media.
What could possibly go wrong?
September 5, 2023
Unlocking the Potential: How SBOM Practices Revolutionize Tech IndustriesRead More →
August 15, 2023
We recently saw the publication of the National Cybersecurity Strategy Implementation Plan (NCSIP)Read More →
June 1, 2023
Last month I wrote about using a Software Bill of Material (SBOM) as a valuable tool for managing cybersecurity risk.Read More →