This should be relabeled "Common Sense". So many important and profound observations and recommendations that propose a "Left of Bang" approach to proactively detect and prevent bad things from happening internally by entering through the software supply chain.
"So if you think about the first deliverable that I mentioned, the Cyber Defense Pledge, as left of the bang — by which I mean all of the things that need to happen before incidents take place"
Getting left of bang is about being able to intervene earlier on the attack timeline and prevent criminal acts from occurring. Left of bang is not just a point on an abstract timeline, but a state of mind that requires we re-examine situational awareness.
An SBOM is also key to enabling "Left of Bang" proactive protections in the software supply chain, and it also helps to rebalance cyber-risks in accordance with the National Cybersecurity Strategy.
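As an added illustration of how an SBOM turns into a "left of bang" control (this is example code written for this note, not from the original post, the Pledge, or any named product): the script below takes a constructed CycloneDX-style SBOM, matches each component's package URL against a constructed advisory list, and reports which components are below the first fixed version before the software is ever deployed. The SBOM contents, the advisory identifiers (ADV-0001 and so on) and the fixed-in versions are all assumptions made up for the example.

```python
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX-style SBOM fragment (assumed for this example; not a real project's SBOM).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "lodash", "version": "4.17.15",
     "purl": "pkg:npm/lodash@4.17.15"},
    {"type": "library", "name": "log4j-core", "version": "2.17.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
    {"type": "library", "name": "requests", "version": "2.25.1",
     "purl": "pkg:pypi/requests@2.25.1?source=wheel"}
  ]
}
"""

# Constructed advisory feed (assumed). IDs are hypothetical placeholders, not real CVE numbers;
# "fixed_in" is the first version that is no longer affected.
ADVISORIES: List[Dict[str, str]] = [
    {"id": "ADV-0001", "purl_base": "pkg:npm/lodash", "fixed_in": "4.17.21"},
    {"id": "ADV-0002", "purl_base": "pkg:maven/org.apache.logging.log4j/log4j-core", "fixed_in": "2.17.1"},
    {"id": "ADV-0003", "purl_base": "pkg:pypi/requests", "fixed_in": "2.31.0"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted version into a comparable tuple; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def split_purl(purl: str) -> Tuple[str, str]:
    """Split 'pkg:type/namespace/name@version?qualifiers#subpath' into (base, version)."""
    purl = purl.split("#", 1)[0].split("?", 1)[0]      # drop subpath and qualifiers
    base, _, version = purl.rpartition("@")
    return (base, version) if base else (purl, "")


def is_affected(installed: str, fixed_in: str) -> bool:
    """A component is affected when its version is strictly below the first fixed version."""
    return parse_version(installed) < parse_version(fixed_in)


def find_affected(sbom_json: str, advisories: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Cross-reference every SBOM component against the advisory list."""
    sbom = json.loads(sbom_json)
    by_base = {a["purl_base"]: a for a in advisories}
    findings = []
    for comp in sbom.get("components", []):
        base, version = split_purl(comp.get("purl", ""))
        adv = by_base.get(base)
        if adv and version and is_affected(version, adv["fixed_in"]):
            findings.append({
                "component": comp["name"],
                "version": version,
                "advisory": adv["id"],
                "fixed_in": adv["fixed_in"],
            })
    return findings


def should_block(findings: List[Dict[str, str]]) -> bool:
    """Release gate: any affected component blocks promotion to production."""
    return len(findings) > 0


if __name__ == "__main__":
    hits = find_affected(SBOM_JSON, ADVISORIES)
    for h in hits:
        print(f'{h["advisory"]}: {h["component"]} {h["version"]} (fix in {h["fixed_in"]})')
    print("BLOCK release" if should_block(hits) else "release OK")
```

Run against the embedded data it flags lodash and requests and leaves log4j-core alone, because 2.17.1 is not below the assumed fixed version. Wiring the same check into a CI gate is what moves the response from after an incident to before one: the SBOM is generated at build time, the advisory feed is refreshed on a schedule, and the gate fails the build instead of waiting for an alert.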