“Wider use of software bills of materials (SBOM) requirements represents a key building block in software security and software supply chain risk management that Federal agencies need to increasingly rely on going forward, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said today.
Allan Friedman, a senior advisor and strategist for CISA, explained that software packages typically include an extensive number of third-party components, and that Federal agencies must actively watch and manage each one to preserve security and functionality...”
“Friedman said today that SBOM implementation in the Federal space remains new and emerging. And while there is no reason organizations cannot use SBOM today, ‘we cannot assume universal full automation and integration,’ he said.
Moving forward, Friedman listed three main goals in the government’s broader SBOM initiative:
Make SBOM generation an expectation in the marketplace;
Make SBOM generation easier and cheaper, at scale; and
Enable efficient and effective SBOM data consumption...”
Source: CISA Official Renews Call for SBOMs to Help Software, Supply Chain Security – By Lisbeth Perez, April 21, 2022. MeriTalk.