Fake Parts and Forged Paperwork

Last month, Bloomberg published a story about fake parts turning up in GE turbines. Yes, you read that right – the planes that you and I fly in at 40,000 feet contained engines with fake parts.

“If people want to cheat, it’s going to be hard to stop them.” This story is the most accurate explanation of why Automated Governance is needed in software.

It turns out that an engine parts distributor forged paperwork allowing fake parts inside of GE turbines. Now mechanics are racing to find the affected engines before anything goes wrong.

The same risk applies with software, except the risk of fake parts isn’t limited to just the passengers on an airplane, it affects everyone that uses the software. For companies in high-risk industries like medical technology, banking, and infrastructure, the ramifications of forged paperwork could be fatal.

Automated Governance employs immutable attestations throughout your software development lifecycle to combat this very risk. That’s what Fianu Labs protects you against.

SBOMs are extremely useful and solve a critical inventory problem that gives you the power to know everything that’s in your software (i.e. which engines have parts from the bad distributor).

When you’re writing software, you should know if a part is faulty BEFORE you build your engine, not after. An evolution toward a Software Bill of Attestations (SBOA) can tell you not only what’s in your software, but how it was built, scanned, tested, and reviewed so that you can decide if you want to ship to your customers.

‍