Announcement from Tom Dec. 15: The two webinars on software bills of materials scheduled for this Thursday have been postponed until January. NTIA will send further details about the date and connectivity over the coming weeks. More information will also be posted at https://www.ntia.gov/softwaretransparency. Please reach out to afriedman@ntia.gov if you have any questions.
I announced recently that a Proof of Concept (PoC) for the use of software bills of materials (SBoMs) by the electric power industry will start in early 2021. I'm now pleased to announce that there will be two webinars on December 17 that will:
· Discuss SBoMs, why they're important, and how they can be used to reduce supply chain cyber risk;
· Discuss how the PoC could work; and (most importantly)
· Answer questions on SBoMs and the PoC.
There will be two one-hour webinars
on the 17th: one at 9AM ET and the other at 4PM ET. The content of the presentations
will be the same. Both webinars are open to anyone anywhere in the world (one
reason for doing two sessions at the beginning and end of the same day). I will
publish the access information in my blog when it’s available, probably next
week.
Both webinars will be led by Dr. Allan Friedman of the National Telecommunications and Information Administration (NTIA) of the US Department of Commerce. Allan has been leading the Software Transparency Initiative since its inception in 2018. I want to point out that NTIA's reason for existence is to help new technologies find widespread acceptance (one notable example being DNS, whose root zone NTIA oversaw for years and which, last time I checked – a minute ago when I clicked on a URL – is now widely accepted). Note that NTIA is not a regulatory agency and has nothing to do with regulations.
The PoC will involve (hopefully) small numbers of participants from each of the following groups:
1. Software suppliers to the electric power industry;
2. Electric utilities and independent power producers, including the trade associations and other industry organizations;
3. Service providers who can help facilitate the production, distribution and use of SBoMs; and
4. Providers of software tools that can "ingest" the SBoM data and use it to enhance your organization's security. This includes tools for configuration management, vulnerability management, and asset management.
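To make the fourth group concrete, here is a small example of what "ingesting" an SBoM looks like in practice. It is an added illustration, not code from NTIA, the PoC, or any participant: it loads a CycloneDX-style JSON SBoM, builds an asset inventory keyed by package URL (purl), and matches that inventory against a vulnerability feed, the way a vulnerability management tool would. The SBoM document, the product name, the package URLs and the vulnerability records (ids of the form EXAMPLE-nnnn) are all constructed sample data. It also shows the caveat a practitioner runs into immediately: components listed without a purl or a version cannot be matched against anything, so they are reported separately rather than silently dropped.

```python
"""Minimal SBoM ingestion: CycloneDX JSON -> component inventory -> vulnerability matches.

Added illustration only; not NTIA or PoC code. All sample data below is constructed.
"""
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX 1.4-shaped SBoM for a hypothetical product "GridMonitor".
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"name": "GridMonitor", "version": "3.2.0"}},
    "components": [
        {"type": "library", "name": "zlib", "version": "1.2.11",
         "purl": "pkg:generic/zlib@1.2.11"},
        {"type": "library", "name": "libcurl", "version": "7.64.0",
         "purl": "pkg:generic/libcurl@7.64.0"},
        {"type": "library", "name": "jackson-databind", "version": "2.9.8",
         "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.8"},
        # Incomplete entry: no purl and no version, as often seen in vendor-supplied SBoMs.
        {"type": "library", "name": "vendor-hmi-widget"},
    ],
})

# Constructed vulnerability feed: affected range is [introduced, fixed).
SAMPLE_VULN_FEED = [
    {"id": "EXAMPLE-0001", "purl_base": "pkg:generic/libcurl",
     "introduced": "7.20.0", "fixed": "7.71.0"},
    {"id": "EXAMPLE-0002",
     "purl_base": "pkg:maven/com.fasterxml.jackson.core/jackson-databind",
     "introduced": "2.9.0", "fixed": "2.9.10"},
    {"id": "EXAMPLE-0003", "purl_base": "pkg:generic/zlib",
     "introduced": "1.2.0", "fixed": "1.2.9"},
]


def version_key(version: str, width: int = 4) -> Tuple[int, ...]:
    """Turn '7.64.0' into (7, 64, 0, 0) so versions compare numerically, not as strings.
    Only plain dotted numeric versions are handled; anything else raises rather than
    silently mis-comparing (e.g. '1.1.1k')."""
    parts = version.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {version!r}")
    key = tuple(int(p) for p in parts)
    return key + (0,) * (width - len(key))


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True if introduced <= version < fixed."""
    return version_key(introduced) <= version_key(version) < version_key(fixed)


def load_sbom(text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Build {purl-without-version: [versions]} from a CycloneDX JSON document.
    Components lacking a purl or a version are returned in a separate list so the
    operator sees what could not be assessed."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    inventory: Dict[str, List[str]] = {}
    incomplete: List[str] = []
    for comp in doc.get("components", []):
        purl, version = comp.get("purl"), comp.get("version")
        if not purl or not version:
            incomplete.append(comp.get("name", "<unnamed>"))
            continue
        base = purl.split("@", 1)[0]  # strip the @version (and any qualifiers after it)
        inventory.setdefault(base, []).append(version)
    return inventory, incomplete


def match_feed(inventory: Dict[str, List[str]], feed: List[dict]) -> List[dict]:
    """Cross-reference the inventory with the feed and return one finding per hit."""
    findings = []
    for rec in feed:
        for version in inventory.get(rec["purl_base"], []):
            if is_affected(version, rec["introduced"], rec["fixed"]):
                findings.append({"id": rec["id"], "purl_base": rec["purl_base"],
                                 "version": version, "fixed": rec["fixed"]})
    return findings


def run_report(sbom_text: str = SAMPLE_SBOM, feed: List[dict] = SAMPLE_VULN_FEED):
    """Return (findings, incomplete_components) for the given SBoM and feed."""
    inventory, incomplete = load_sbom(sbom_text)
    return match_feed(inventory, feed), incomplete


if __name__ == "__main__":
    findings, incomplete = run_report()
    for f in findings:
        print(f"AFFECTED {f['id']}: {f['purl_base']} {f['version']} (fixed in {f['fixed']})")
    for name in incomplete:
        print(f"UNASSESSED: component {name!r} has no purl/version in the SBoM")
```

Run stand-alone it reports libcurl and jackson-databind as affected, zlib as clean (1.2.11 is past the fixed version), and flags the vendor widget as unassessable. That last line is the point: an SBoM is only as useful as the identifiers it carries, which is exactly the kind of issue the PoC is meant to surface.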
However, we certainly aren’t going
to ask people who sign up for the webinar whether they want to join the PoC or
not; the webinar is strictly informational. In fact, once the PoC starts next
year, you won’t even have to be a formal participant in the PoC to follow what
goes on. There will be (most likely) weekly web meetings that will be open to
anybody. In these meetings, we will discuss issues that have come up in the PoC
and their resolution. The documents that are drafted based on lessons learned
in the PoC will be edited in these meetings; all meeting participants will be
able to contribute.
If you would like a calendar
invitation to one or both of the meetings when available next week, please send
an email to afriedman@ntia.gov. And drop Allan or me an email if you have questions now,
or if you would like to schedule a conversation before the webinars.
I hope you can be there on the 17th!
Any opinions expressed in this
blog post are strictly mine and are not necessarily shared by any of the
clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would
love to hear from you. Please email me at tom@tomalrich.com.