5/27/2023

How Agencies are Paving the Way for SBOMs

The Cybersecurity and Infrastructure Security Agency is developing a software bill of materials ecosystem that companies can publish to, so agencies have greater visibility into software programming libraries, versions and underlying components.

Speaking at ACT-IAC’s Emerging Technology and Innovation Conference, CISA’s Technical Director for Cyber Christopher Butera said his agency needs vendor feedback to ensure future, more prescriptive SBOM guidance is feasible.

The government increasingly wants software vendors to provide SBOMs - machine-readable inventories of interrelated components - after witnessing the “cascading” effects of “significant” vulnerabilities in widely used open-source software, as with the Log4Shell vulnerability discovered in November 2021, Butera said.

Getting vendors on board with CISA’s admittedly radical vision for software transparency and accountability will take time.

“There’s a ton of work to be done in the space,” Butera said. “And it requires the whole community to really join with us to help us move along.”

For starters, agencies haven’t drafted agreed-upon procurement language for requiring SBOMs in solicitations.

Agencies such as the State Department also have work to do as future SBOM consumers, said Louis Blazy, that agency’s Cybersecurity-Supply Chain Risk Management and Emerging Technologies Working Group lead, on Monday.
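The article describes SBOMs as machine-readable inventories of interrelated components that let a consumer see which libraries and versions sit underneath a product, and the "cascading" effect of a flaw in a widely used library. The following is an added illustration of what an SBOM consumer such as an agency would actually do with one; it is example code written for this page, not the article's, CISA's, or any vendor's tooling. The SBOM is a constructed, minimal CycloneDX-style JSON document (component list plus a dependency graph keyed by `bom-ref`), the advisory feed uses placeholder identifiers and version ranges rather than real CVE data, and versions are assumed to be plain dotted integers.

```python
import json
from typing import Dict, List, Set, Tuple

# Constructed, minimal SBOM in a CycloneDX-like JSON shape (not any real product's SBOM).
# "bom-ref" names each component; "dependencies" says which refs depend on which.
SAMPLE_SBOM = json.dumps({
    "components": [
        {"bom-ref": "pkg:app", "name": "agency-portal", "version": "3.2.0"},
        {"bom-ref": "pkg:webfw", "name": "web-framework", "version": "5.1.4"},
        {"bom-ref": "pkg:logging", "name": "logging-core", "version": "2.14.1"},
        {"bom-ref": "pkg:json", "name": "json-parser", "version": "1.0.9"},
    ],
    "dependencies": [
        {"ref": "pkg:app", "dependsOn": ["pkg:webfw", "pkg:json"]},
        {"ref": "pkg:webfw", "dependsOn": ["pkg:logging"]},
        {"ref": "pkg:logging", "dependsOn": []},
        {"ref": "pkg:json", "dependsOn": []},
    ],
})

# Constructed advisory feed: placeholder IDs and version ranges, not real CVE records.
# "introduced" is inclusive, "fixed" is exclusive, i.e. introduced <= version < fixed.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-001", "name": "logging-core",
     "introduced": "2.0.0", "fixed": "2.15.0"},
    {"id": "ADV-PLACEHOLDER-002", "name": "json-parser",
     "introduced": "1.1.0", "fixed": "1.1.3"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Assumption for this example: versions are dotted integers like '2.14.1'."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when the component version lies inside the advisory's affected range."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def load_graph(sbom_json: str) -> Tuple[Dict[str, dict], Dict[str, List[str]]]:
    """Return (components by ref, direct dependencies by ref) from the SBOM document."""
    bom = json.loads(sbom_json)
    components = {c["bom-ref"]: c for c in bom["components"]}
    deps = {d["ref"]: list(d.get("dependsOn", [])) for d in bom.get("dependencies", [])}
    for ref in components:
        deps.setdefault(ref, [])  # components with no dependency entry are leaves
    return components, deps


def transitive_dependents(deps: Dict[str, List[str]], target: str) -> Set[str]:
    """Every component that depends on target directly or through other components.

    This is the 'cascade': walking the reversed dependency graph from the flawed
    library upward shows which products and frameworks inherit its exposure.
    """
    reverse: Dict[str, List[str]] = {ref: [] for ref in deps}
    for ref, children in deps.items():
        for child in children:
            reverse.setdefault(child, []).append(ref)
    seen: Set[str] = set()
    stack = [target]
    while stack:
        current = stack.pop()
        for parent in reverse.get(current, []):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen


def find_affected(sbom_json: str, advisories: List[dict]) -> List[dict]:
    """Match SBOM components against advisories and report the exposed dependents."""
    components, deps = load_graph(sbom_json)
    findings = []
    for adv in advisories:
        for ref, comp in components.items():
            if comp["name"] != adv["name"]:
                continue
            if is_affected(comp["version"], adv["introduced"], adv["fixed"]):
                findings.append({
                    "advisory": adv["id"],
                    "component": f'{comp["name"]}@{comp["version"]}',
                    "ref": ref,
                    "exposed_dependents": sorted(transitive_dependents(deps, ref)),
                })
    return findings


if __name__ == "__main__":
    for finding in find_affected(SAMPLE_SBOM, ADVISORIES):
        print(finding)
```

Run against the constructed inputs, the check flags only `logging-core@2.14.1` (inside the placeholder advisory's range) and reports that both the web framework and the top-level application inherit the exposure, while `json-parser@1.0.9` falls below its advisory's introduced version and is not reported. The same traversal is what makes an SBOM useful to a consumer during an incident: the question is not only "do we ship the flawed library" but "which products carry it through their dependency chains".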