Marc Frankel
Podcast Appearances
Like, you know, you don't want to see those, you know, big stacks, the reams of paper or the change control board meeting that was supposed to happen.
Yeah. Right.
And it just goes to show you, you know, if anybody deserves visibility, like we have it, we have a duty to do this. We have a duty to get it right. Much like any of your listeners have a duty to make sure that they understand what's inside the 18 wheeler that pulls up to the front gate.
They also have a duty to understand what's inside the software application that pulls up to the proverbial front gate of their network. And in the rapidly changing cyber threat landscape to monitor those things, not just when you bought it, but every day thereafter. And it's kind of crazy that it's 2024 and that's not just common practice everywhere.
But it's going to take hardworking individuals like yourself, like your listeners, to get us to a place where we can recover from the growth of open source software without an accompanying inventory.
Yeah, it's a great question. The next frontier of this, the equally scary frontier, is much like we consume software, unfortunately, without asking what's in it, so too do we consume AI applications without asking what's in them. And if you had AI on your bingo card for this podcast, congratulations. Hopefully it was the center square and you win. You know, everybody's talking about AI.
AI is eating the world. We're sprinkling AI fairy dust on everything. The boring, unsexy, infrastructurally critical work of documenting which models does this AI application use and which data sets are those models trained on is absolutely essential. We only get one opportunity to close this barn door before the horses all run out of it.
There are hundreds, if not thousands of AI applications, I'm sure, in use in the food service industry every single day. For your listeners or for you, Kristen, ask yourself, which models do they use and which data sets are they trained on? Where's that list?
What happens if one of those data sets is found to be problematic, either accidentally because it biases against a certain race or a certain religion or a certain hair color or whatever, or intentionally because the Chinas or the Russias or the North Koreas of the world poisoned a particular data set or because it contains illegal information?
I'll tell you one very quick and scary story, and then hopefully we can end on a more positive note. But if we don't have an inventory of what's inside the stuff that we buy, writ large, doesn't matter if it's AI, doesn't matter if it's traditional software, doesn't matter if it's Raisin Bran, we are vulnerable when the upstream components are found to be problematic.