I’m pleased to announce that the informational webinar that was scheduled for December 17, but had to be cancelled two days before that date, has now been rescheduled for January 26. As was the case in December, the same webinar will be given at the beginning and end of the day, 9 AM and 4 PM Eastern time. You’re welcome to attend both, since there will undoubtedly be different questions at the two webinars; both will be live.
I’ve reproduced below an announcement put out today by Dr. Allan Friedman, director of the Software Transparency Initiative of the National Telecommunications and Information Administration (NTIA), which is part of the US Department of Commerce. The announcement includes the connection information for both webinars. There is no requirement to register in advance.
Because it’s been more than a month since I discussed this webinar or why it’s taking place (and since I may have some new readers who didn’t see my previous posts on this subject), I’ll briefly summarize:
1. Allan is leading a multi-year “multistakeholder process” to promote the production (by software suppliers) and use (by companies that use software, meaning just about every company on the planet) of software bills of materials (SBoMs). Note that the NTIA does not develop regulations, standards, or even guidelines. Its goal is to help private industry smooth the path to widespread use of promising new technologies (a previous huge NTIA success was DNS).
2. The group – composed of people from a cross-section of industries – has decided the best way to accomplish their mission is to conduct “proofs of concept” in particular industries. In these, suppliers and user organizations work together to test procedures for producing, distributing and “consuming” SBoMs.
3. The healthcare industry was the pioneer for this. They started their first proof of concept in 2018 and are now in the third “iteration” of their second PoC. In each PoC and iteration, the group has pushed farther down the road toward full exchange and use of SBoMs, although there is no doubt that much remains to be done.
4. A PoC is now starting in the autos industry, and a PoC will soon start in the energy (including electric power) industry as well. Note that, even though the PoCs are for particular industries, SBoMs have universal application and both the formats and procedures are likely to be similar for all industries. This means that each PoC can build on what its predecessors have already established, while at the same time allowing participants to work with other industry suppliers and users (in the energy PoC case, the users will include electric utilities, industry organizations, and possibly government entities).
5. If you are interested in the PoC, you can either be a direct participant (in which case your organization will need to sign an NDA) or an observer, meaning you can participate in the public meetings, where problems will be discussed and the results analyzed – as well as a final report drawn up. While participants need to be available for at least 1-2 meetings a week, observers can spend as little or as much time on this as they wish (you may also want to sign up for one or more of the NTIA’s four working groups, all of which have weekly meetings).
6. The webinar is purely informational – to introduce the industry to SBoMs and talk about the healthcare industry’s experience with their PoCs. There will be one or more further informational meetings that will go into more detail on technical issues for both suppliers and users of SBoMs. Only after these meetings will we start to plan the actual PoC and ask for participants.
I hope to see you there!

Allan’s announcement:
Most modern software is built out of smaller software components. A "software bill of materials" (SBOM) is effectively a list of ingredients or a nested inventory of these components. Visibility of these components is emerging as a necessary step in understanding software and supply chain risk.
The goal of this info session is to make the case for transparency in the software supply chain, as well as to give an initial overview of the global SBOM work to date. We'll also highlight lessons from how the healthcare sector has come together to learn about and execute SBOM technical and operational details. Participants will emerge prepared to think about how this might impact the electric and energy sector and begin discussions around what a proof-of-concept exercise might look like. These discussions will continue over the coming weeks in greater detail.
There will be two similar info sessions on January 26 to accommodate schedules. Connection information is below. Feel free to forward. For more information, please contact Allan Friedman: afriedman@ntia.gov
January 26, 9-10am ET
Teams Meeting
Dial-In: +1 202-886-0111,,760072759#
Global dial-in numbers: https://dialin.teams.microsoft.com/2e8e819f-8605-44d3-a7b9-d176414fe81a?id=760072759
January 26, 4-5pm ET
Teams Meeting
Dial-In: +1 202-886-0111,,760072759#
Global dial-in numbers: https://dialin.teams.microsoft.com/2e8e819f-8605-44d3-a7b9-d176414fe81a?id=760072759
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.