Industry groups have written to lawmakers, warning that software supply chain proposals included in the House version of the 2023 National Defense Authorization Act are “vague” and “internally inconsistent.”
In a letter sent to House Armed Services Committee leadership from both parties, the Alliance for Digital Innovation, the Software Alliance, Cybersecurity Coalition and the Information Technology Industry Association criticized an amendment to the defense policy that would codify a software bill of materials in the federal procurement process...
According to the industry groups, in its current form, the amendment does not specify whether the bill of materials is limited to software or relates to all components. Risk management guidelines included in the amendment are also at odds with guidance from the Office of the Director of National Intelligence, the National Security Agency and CISA, the trade groups added.
The missive follows a White House memo published earlier today that will require vendors to self-attest their compliance with NIST software supply chain requirements before providing their services to federal agencies...