Cloud & Software Supply Chain Risk — SBOM/Attestation at Scale and Third‑Party Reality (R12c)
SBOM is not the finish line. This talk focuses on operationalizing SBOMs, signing/attestation, third-party dependency governance, and what the DIB should learn from incidents where the supply chain or a cloud dependency became the outage/root cause.