SBOMs in Application Security: From Compliance Trophy to Real Risk Reduction | AppSec Contradictions: 7 Truths We Keep Ignoring — Episode 3 | A Musing On the Future of Cybersecurity with Sean Martin and TAPE9 | Read by TAPE9

SBOMs were supposed to be the ingredient label for software—bringing transparency, faster response, and stronger trust. But reality shows otherwise. Fewer than 1% of GitHub projects have policy-driven SBOMs. Only 15% of developer SBOM questions get answered. And while 86% of EU firms claim supply chain policies, just 47% actually fund them.

So why do SBOMs stall as compliance artifacts instead of risk-reduction tools? And what happens when they do work?

In this episode of AppSec Contradictions, Sean Martin examines:

• Why SBOM adoption is lagging • The cost of static SBOMs for developers, AppSec teams, and business leaders • Real-world examples where SBOMs deliver measurable value • How AISBOMs are extending transparency into AI models and data

Catch the full companion article in the Future of Cybersecurity newsletter for deeper analysis and more research.

👉 What’s your experience with SBOMs? Have they helped reduce risk in your organization—or do they sit on the shelf as compliance paperwork? How are you bridging the gap between transparency and real security outcomes? Share your take—we’d love to hear your story.

📖 Read the full companion article in the Future of Cybersecurity newsletter for deeper insights: https://www.linkedin.com/pulse/sboms-application-security-from-compliance-trophy-sean-martin-cissp-qisse

🔔 Subscribe to stay updated on the full AppSec Contradictions video series and more perspectives on the future of cybersecurity: https://www.youtube.com/playlist?list=PLnYu0psdcllRWnImF5iRnO_10eLnPFWi_

________

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn: https://itspm.ag/future-of-cybersecurity

Sincerely, Sean Martin and TAPE9

________

Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️

Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location

To learn more about Sean, visit his personal website.

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.