2020-028-Shlomi Oberman, RIPPLE20, supply chain security discussion, software bill of materials

Summary: Full show notes at https://www.brakeingsecurity.com Supply chain issues What should companies do when they don’t know what’s in their own tech stack? Vendor Contact Are some devices and systems more vulnerable than others? What’s the initial email look like when you tell a company “you’re vulnerable to X”? How did you tailor your initial response when you learned of the position of the person? Was it worth the effort coordinating with Treck?