Kristin Demoranville
Podcast Appearances
So Mark, can you give the top five things to do if you're concerned that you might have an issue with SBOMs in your company? And I don't necessarily need you to go into massive detail. I love these six-year-old explanations you're doing, because for myself as well, even though I am familiar with them, it helps. So thank you. Sure.
And before people go, oh, my company doesn't develop software, you probably do and you don't realize it. Because a lot of the- Chuck E. Cheese developed software. Right, that's terrifying. Because I immediately thought of the mouse moving around and I thought, well, that's probably a software built in the background. I thought of the ball pit.
Yeah, definitely. And I think a lot of people just need to take a look at third party risk management. And that doesn't necessarily mean on a cybersecurity front, there's enterprise third party risk management, you know, and what is your company actually doing? Are you managing your vendors? Are you asking questions? Are you being due diligent? And to me, this is part of food safety culture.
You have to be due diligent. People are coming into your facilities, whether it's digitally or physically, they should be questioned at the door. And not just because you're an exclusive club, mainly because you're an exclusive club, but you have to have bouncers and that's what this is. This is about protecting the food systems that we have because we have to do it.
We now live in a world that has changed. This wasn't a question 20 years ago, necessarily, and now all of a sudden it's become that.
I think about the chipsets for boards and things like that. I've watched them being made in factories before, and I often question: does anybody have... what happens with the software that goes on this? Do we have a list of things that go on this? And people always looked at me weird, and I was like, but I'm just curious, what are you doing? And the question always was, it goes to the vendor and then they do what they want with it. But we made the board; are we responsible?
I don't know, like those kind of things start to come in my mind for when I talk about SBOMs because where does the responsibility really lie? You know, is it, I think it's both parties. I think it's the receiver and the giver for sure have to be responsible on both sides of the house for what they do with their software. It's basic hygiene, really.
And you wouldn't even let your driver in the door. They sit in like a caged area inside the warehouse, generally speaking.
I think that's because people try to boil the ocean when they just need to make a cup of tea. One of my favorite quotes from a friend. It's true, though, right? Because when you look at it as a whole, it's like, oh my goodness, this is so much. And then you center it down to that one warehouse that you're working with, or that one particular facility you're in.
It gets a little easier to deal with, because if you can get it to work in one of your production environments, or your farm, or any type of industry you're in, you'll be able to duplicate it. It should be fairly easy. It might be a little more nuanced in some places, depending on what you have, if you have different regulations that apply there.
But generally speaking, you can duplicate the work. It's not like you're going to reinvent the wheel every time. And I think that's what people get stressed about, because supply chain in general is so daunting when you're looking at the whole supply chain. It's ginormous. You can't do that. You have to look at it and ask, how does it affect me?