Friday, January 15, 2021

The SBoM webinar has been rescheduled!


I’m pleased to announce that the informational webinar that was scheduled for December 17, but had to be cancelled two days before that date, has now been rescheduled for January 26. As was the case in December, the same webinar will be given at the beginning and end of the day, 9 AM and 4 PM Eastern time (although you’re welcome to attend both, since there will undoubtedly be different questions at the two sessions; both will be live).

I’ve reproduced below an announcement put out today by Dr. Allan Friedman, director of the Software Transparency Initiative of the National Technology and Information Administration (NTIA), which is part of the US Department of Commerce. The announcement includes the connection information for both webinars. There is no requirement to register in advance.

Because it’s been more than a month since I discussed this webinar or why it’s taking place (and since I may have some new readers who didn’t see my previous posts on this subject), I’ll briefly summarize:

1. Allan is leading a multi-year “multistakeholder process” to promote the production (by software suppliers) and use (by companies that use software, meaning just about every company on the planet) of software bills of materials (SBoMs). Note that the NTIA does not develop regulations, standards, or even guidelines. Its goal is to help private industry smooth the path to widespread use of promising new technologies (a previous huge NTIA success was DNS).

2. The group – composed of people from a cross-section of industries – has decided the best way to accomplish their mission is to conduct “proofs of concept” in particular industries. In these, suppliers and user organizations work together to test procedures for producing, distributing and “consuming” SBoMs.

3. The healthcare industry was the pioneer for this. They started their first proof of concept in 2018 and are now in the third “iteration” of their second PoC. In each PoC and iteration, the group has pushed farther down the road toward full exchange and use of SBoMs, although there is no doubt that much remains to be done.

4. A PoC is now starting in the auto industry, and a PoC will soon start in the energy (including electric power) industry as well. Note that, even though the PoCs are for particular industries, SBoMs have universal application, and both the formats and procedures are likely to be similar for all industries. This means that each PoC can build on what its predecessors have already established, while at the same time allowing participants to work with suppliers and users from their own industry (in the energy PoC, the users will include electric utilities, industry organizations, and possibly government entities).

5. If you are interested in the PoC, you can either be a direct participant (in which case your organization will need to sign an NDA) or an observer, meaning you can take part in the public meetings, where problems will be discussed, the results analyzed, and a final report drawn up. While participants need to be available for at least 1-2 meetings a week, observers can spend as little or as much time on this as they wish (you may also want to sign up for one or more of the NTIA’s four working groups, all of which have weekly meetings).

6. The webinar is purely informational – to introduce the industry to SBoMs and talk about the healthcare industry’s experience with their PoCs. There will be one or more further informational meetings that will go into more detail on technical issues for both suppliers and users of SBoMs. Only after these meetings will we start to plan the actual PoC and ask for participants.

I hope to see you there!

Allan’s announcement:

Most modern software is built out of smaller software components. A "software bill of materials" (SBOM) is effectively a list of ingredients or a nested inventory of these components. Visibility of these components is emerging as a necessary step in understanding software and supply chain risk.

The goal of this info session is to make the case for transparency in the software supply chain, as well as to give an initial overview of the global SBOM work to date. We'll also highlight lessons from how the healthcare sector has come together to learn about and execute SBOM technical and operational details. Participants will emerge prepared to think about how this might impact the electric and energy sector and begin discussions around what a proof-of-concept exercise might look like. These discussions will continue over the coming weeks in greater detail.

There will be two similar info sessions on January 26 to accommodate schedules. Connection information is below. Feel free to forward. For more information, please contact Allan Friedman: afriedman@ntia.gov

January 26, 9-10am ET

Teams Meeting

Teams Link: https://teams.microsoft.com/l/meetup-join/19%3ameeting_MTUwOGQwYTQtYTY5YS00YmU2LWI5ZGEtMDIyY2MwNDViOTU0%40thread.v2/0?context=%7b%22Tid%22%3a%22d6cff1bd-67dd-4ce8-945d-d07dc775672f%22%2c%22Oid%22%3a%22a62b8f72-7ed2-4d55-9358-cfe7b3e4f3ed%22%7d

Dial-In: +1 202-886-0111,,760072759#

Global dial-in numbers: https://dialin.teams.microsoft.com/2e8e819f-8605-44d3-a7b9-d176414fe81a?id=760072759

January 26, 4-5pm ET

Teams Meeting

Teams Link: https://teams.microsoft.com/l/meetup-join/19%3ameeting_MTUwOGQwYTQtYTY5YS00YmU2LWI5ZGEtMDIyY2MwNDViOTU0%40thread.v2/0?context=%7b%22Tid%22%3a%22d6cff1bd-67dd-4ce8-945d-d07dc775672f%22%2c%22Oid%22%3a%22a62b8f72-7ed2-4d55-9358-cfe7b3e4f3ed%22%7d

Dial-In: +1 202-886-0111,,760072759#

Global dial-in numbers: https://dialin.teams.microsoft.com/2e8e819f-8605-44d3-a7b9-d176414fe81a?id=760072759

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.
