NetBOM’s Reboot: The Personal Story Behind the Innovation

NetBOM’s Origin: The Personal Story Behind the Innovation

(A Personal Story About Innovation, Resilience, and the Road to NetBOM v2)

In 2021, during one of the most difficult times in my life, the idea for NetBOM was born. My wife was undergoing treatment for breast cancer, and amidst the uncertainty and stress, I turned to research and writing as a way to cope. That December, I took some time off over the holidays and decided to focus on a personal cybersecurity project: isolating my smart thermostats. I wanted to create firewall rules that would allow them to connect only to the servers they truly needed.

The experience was fun, then frustrating. I got very few answers from the manufacturer of the thermostats and ended up researching others who tried the same thing. Finally I had to isolate the thermostats and sniff traffic to get what I needed. While that tapped into my technical background, it was a lot of manual effort. It was in that moment I realized: there has to be a better way to do this. That was my ah-ha moment. I wrote a blog about it at the time if you want to learn more details.

As I thought about the complexity of securing connected devices, it reminded me of the momentum behind Software Bill of Materials (SBOM), a new approach to supply chain security that was gaining traction in cybersecurity circles. If SBOMs could provide transparency into software components, why couldn’t we apply a similar concept to the network behavior of connected devices? That’s when the concept of the Network Bill of Materials took shape in my mind. The novice marketer in me knew I needed a good name and logo. I quickly searched for available domains, locked one down, and worked with a designer to create the first NetBOM logo.

With the branding in place, I started writing the first draft of what would eventually become the NetBOM white paper. A few colleagues reviewed it, providing great feedback that helped refine my vision.

About a month before I planned to publish it, I mentioned NetBOM to a group of colleagues at the start of an advisory board meeting. That’s when one of them said:
"This sounds a lot like what MUD and BRSKI do."

As someone with numerous patents, I’m no stranger to conducting prior art searches—but somehow, I had missed these technologies. My original research hadn’t surfaced MUD (Manufacturer Usage Description) or BRSKI (Bootstrapping Remote Secure Key Infrastructure), and even my colleagues who reviewed the paper weren’t familiar with them. I dug in, and sure enough, there was overlap between these existing standards and what NetBOM proposed.

Honestly, this revelation deflated me. I had invested so much time and energy into NetBOM, only to discover that I wasn’t the first to think of something similar. While I picked up the project from time to time, I never fully dedicated myself to refining it—until now.

The truth is, NetBOM goes further than MUD and BRSKI in several key ways, and there is still a lot of work to do. Instead of keeping it to myself, I want to share it with the world and see if others are interested in helping develop it further.

So here we are. A new version of the NetBOM white paper is ready, and 2025 is the year I finally take this idea beyond just a concept. If you’re interested in security, supply chains, and building something innovative, I’d love for you to be part of this journey.
