What’s Really in the Box? The Case for Hardware Provenance and HBOMs
Allan Friedman
DEF CON 33 (backfill) · Day 1 · Main Stage
In this DEF CON talk, Allan Friedman, a prominent figure in the **Software Bill of Materials (SBOM)** movement during his decade as a US government lead for supply chain security, turns to the harder and still-maturing problem of **Hardware Bills of Materials (HBOMs)**. Friedman argues that knowing the provenance and composition of hardware components, semiconductors in particular, is the next critical frontier in supply chain security, because a device's firmware and software can be inventoried precisely while the silicon it runs on usually cannot. The talk surveys the risks in modern hardware supply chains: pervasive counterfeiting, vulnerabilities in components that can be exploited, active tampering, and geopolitical pressure on where parts are sourced and fabricated.
AI review
Friedman is the right person to give this talk — he built the SBOM playbook and knows exactly where the bodies are buried in supply chain policy. But this is a framing and advocacy talk, not a research drop: it maps the problem space, argues for community engagement, and draws SBOM analogies. Useful, competent, not groundbreaking.