Friday, December 4, 2020

Mark your calendar!


Announcement from Tom Dec. 15: The two webinars on software bills of materials scheduled for this Thursday have been postponed until January. NTIA will send further details about the date and connectivity over the coming weeks. More information will also be posted at https://www.ntia.gov/softwaretransparency. Please reach out to afriedman@ntia.gov if you have any questions.  


I announced recently that a Proof of Concept (PoC) for the use of software bills of materials (SBoMs) by the electric power industry will start in early 2021. I’m now pleased to announce that there will be two webinars on December 17 that will:

· Discuss SBoMs, why they’re important, and how they can be used to reduce supply chain cyber risk;

· Discuss how the PoC could work; and (most importantly)

· Answer questions on SBoMs and the PoC.

There will be two one-hour webinars on the 17th: one at 9AM ET and the other at 4PM ET. The content of the presentations will be the same. Both webinars are open to anyone anywhere in the world (one reason for doing two sessions at the beginning and end of the same day). I will publish the access information in my blog when it’s available, probably next week.

Both webinars will be led by Dr. Allan Friedman of the National Technology and Information Administration of the US Department of Commerce. Allan has been leading the Software Transparency Initiative since its inception in 2018. I want to point out that NTIA’s reason for existence is to help new technologies find widespread acceptance (one notable early NTIA success being DNS, which last time I checked – a minute ago when I clicked on a URL – is now widely accepted). Note that NTIA has nothing to do with regulations.

The PoC will involve small numbers of (hopefully) each of the following groups:

1. Software suppliers to the electric power industry;

2. Electric utilities and independent power producers, including the trade associations and other industry organizations;

3. Service providers who can help facilitate the production, distribution and use of SBoMs; and

4. Providers of software tools that can “ingest” the SBoM data and use it to enhance your organization’s security. This includes tools for configuration management, vulnerability management, and asset management.

However, we certainly aren’t going to ask people who sign up for the webinar whether they want to join the PoC or not; the webinar is strictly informational. In fact, once the PoC starts next year, you won’t even have to be a formal participant in the PoC to follow what goes on. There will be (most likely) weekly web meetings that will be open to anybody. In these meetings, we will discuss issues that have come up in the PoC and their resolution. The documents that are drafted based on lessons learned in the PoC will be edited in these meetings; all meeting participants will be able to contribute.

If you would like a calendar invitation to one or both of the meetings when available next week, please send an email to afriedman@ntia.gov. And drop Allan or me an email if you have questions now, or if you would like to schedule a conversation before the webinars.

I hope you can be there on the 17th!

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.
