
End of Year Wrap Up
Security Cryptography Whatever
SBOMs, Fucking Software Bill of Materials
Log4j wasn't really what you would call a supply chain. No, it was just a vulnerability in a third-party dependency. Yeah, exactly. I don't know which is more commonly known as, like, security, right? Yeah, right. I keep hearing about SBOMs, fucking software bill of materials. Yeah, and I just don't want to have to do more work to make an executive order be checked for something that isn't gonna offer a tangible security benefit. Unless you are a mega, mega, mega large organization, if you are using, if you are tracking just your third-party dependency sanely, you probably have things coming in from different, uh, different versions, he says.