PODCASTS

BTS #11 - SCRM and Supply Chain Security Up and Down the Stack - Steve Orrin

By: Eclypsium
May 31, 2023
Eclypsium presents Below The Surface text on top of ocean waves

Supply Chain threats and industry / government initiatives like EO 14028 are driving a deeper understanding and a set of requirements for applying supply chain risk management (SCRM) and increased transparency (ex. SBOM) across the software ecosystem up and down the stack. Platform and system firmware present unique challenges for supply chain assurance from the depths of the stack.

Segment Resources: ESF: Securing the Software Supply Chain for Customers

https://media.defense.gov/2022/Nov/17/2003116444/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_CUSTOMER_SLICKSHEET.PDF

https://media.defense.gov/2022/Nov/17/2003116445/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_CUSTOMER.PDF ESF: Securing the Software Supply Chain for Suppliers

https://media.defense.gov/2022/Oct/31/2003105572/-1/-1/0/ESF_SECURING_THE_SOFTWARE_SUPPLY_CHAIN_SUPPLIERS_SLICKSHEET.PDF

https://media.defense.gov/2022/Oct/31/2003105368/-1/-1/0/SECURING_THE_SOFTWARE_SUPPLY_CHAIN_SUPPLIERS.PDF

ESF: Securing the Software Supply Chain for Developers

https://media.defense.gov/2022/Sep/01/2003068942/-1/-1/0/ESF_ SECURING_THE_SOFTWARE_SUPPLY_CHAIN_DEVELOPERS.PDF

CISA SBOM Site https://www.cisa.gov/sbom

Show Notes: https://securityweekly.com/bts-11

Subscribe

Back to Blog
Related Blogs
View all
PODCASTS

BTS #43 - CVE Turns 25

Read more
PODCASTS

BTS #42 - The China Threat

Read more
PODCASTS

BTS #41 - Pacific Rim

Read more
PODCASTS

BTS #40 - Backdoors in Backdoors - Matt Johansen

Read more
© 2025 Eclypsium, Inc.