Passionate about ICS incident response panel ⁦SCADAhacker⁩ ⁦Robert M. Lee⁩ ⁦CSA⁩ #otcep | …person on right is making a point 😁

Very exciting to see Microsoft open source their internal SBOM generation tool. Would love to hear what you think of it. devblogs.microsoft.com/engineering-at…

Thomas Pace of NetRise Inc. presenting a great talk in the challenges of looking up OT vulnerabilities in public vulnerability databases at #icscc22. Definitely worth listening to!

I've been active in the #foodandbeverage industry since my BCIT lab days when Kraft Foods was a major research sponsor. It is great to see a major player in the space take #softwaresupplychainsecurity so seriously. See you at #S4x23 - I'll be in the #SBOM pavilion!

I'm delighted to have Kevin join us as CEO at aDolus. I've known Kevin for years - he is an insightful leader who really understands the security industry. With his proven track record of solving customer challenges and growing revenue, I look forward to a fruitful collaboration.

A very amusing story of how #ChatGPT led one of the aDolus Inc. team down a giant rabbit hole of #misinformation. Highly recommended reading for anyone thinking of using #GenerativeAI

#OTCEP 2023 is starting. Minister Josephine Teo is presenting a great summary of the risk and opportunities for OT systems.

The Microsoft Digital Defense Report (#MDDR 2023) dropped today and we provided key research and analysis for the section on OT #vulnerabilities. Read how we used machine learning to analyze manufacturer and industry disclosures to identify CVEs in PLCs. adol.us/46eThYU

Effective hunting for #vulnerabilities in #OT requires navigating the namespace problem (i.e., most product and vendor names have multiple aliases), plus the ability to process text-based data such as massive PDFs from vendors. Our blog explains how we did it for the #MDDR

The 2023 #MDDR report shines a sharp light on the state of OT firmware updates. You can read more about the actual statistics and my thoughts on the reasons in my blog.

If you’ll be at the SecurityWeek ICS Cybersecurity Conference in Atlanta, track me down. I'm happy to explain how the industry made huge strides using SBOMs to secure software supply chains. #ICSCC23

The EU Cyber Resilience Act took a big step toward enactment this week. Read our blog to get Eric Byres's commentary on the implications this legislation has for software supply chain security. #SBOM #vulnerabilitymanagement adol.us/3Rf2SZF

Most SBOM initiatives have been coming out of the US, thanks to EO14028. Now, the EU is adding teeth to requirements for SBOMs with its Cyber Resilience Act. Check out my summary of the impact on the IoT/OT markets; let me know if you agree that it could have a massive impact.

aDolus Inc. Eric Byres I was in Brussels last week talking about this exact issue with Commission staff and ENISA experts. Glad that you're monitoring this, and always happy to hear your thoughts.

Read Eric Byres's latest blog on Evolving Threats and Regulations in Software Supply Chain Security. Attacks are on the rise — Eric touches on topics he'll discuss at #S4x24, like software supply chain attacks definitions, #vulnerabilities, #SBOMs. adol.us/42Tifwl

Check out this post on responding quickly to open-source supply chain attacks, in this case, the #XZ hack. This backdoor was deliberately injected into the widely used secure shell service daemon #sshd by unknown attackers (IMHO a nation-state: see also wired.com/story/jia-tan-…)