Few buzzwords are as prevalent in security right now as “software supply chain” and “SBOMs” (maybe “zero trust,” but I’m not going to talk about that). But what does it all mean? Are SBOMs really the answer to a secure software supply chain? I have spent a year building a dedicated Supply Chain Security function and team. Join me as I share my discoveries about what a secure software supply chain really is, and how SBOMs (especially in their current state) are just the beginning.