• Director

Trey Herr

Dr. Trey Herr is the director of the Cyber Statecraft Initiative, part of the Atlantic Council Tech Programs, and an assistant professor of Cybersecurity and Policy at American University’s School of International Service. At the Council, the CSI team works at the intersection of cybersecurity and geopolitics across conflict, cloud computing, supply chain policy, and more. Previously, he was a senior security strategist with Microsoft handling cloud computing and supply chain security policy as well as a fellow with the Belfer Cybersecurity Project at Harvard Kennedy School and a non-resident fellow with the Hoover Institution at Stanford University. He holds a PhD in Political Science and a BS in Musical Theatre and Political Science.

January 2024

Design Questions in the Software Liability Debate

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Software liability—resurgent in the policy debate since its mention in the 2023 US National Cybersecurity Strategy—describes varied potential structures to create legal accountability for vendors of insecure software. This report identifies key design questions for such regimes and tracks their discussion through the decades-long history of the debate.

September 2023

Software Supply Chain Security: The Dataset

by Will Loomis, Stewart Scott, Trey Herr, Sara Ann Brackett, Nancy Messieh, and June Lee

Want to dive deeper into the Breaking Trust database? You have come to the right place.

July 2023

Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things

by John Speed Meyers, Sara Ann Brackett, and Trey Herr

SBOMs are an important step forward for software supply chain security, so despite pushback and opposition, industry and government should take a page out of Taylor Swift’s book and just keep cruisin’, don’t let SBOM haters get in the way. 