Friday, March 24, 2023

Three problems holding back SBOMs
One of my favorite sayings is, “I didn’t have time to write you a short letter, so I wrote you a long letter.” In other words, when you constrain yourself to saying a lot in a short document, you’ll almost always produce something that’s much more worth reading (and not just because it’s short) than if you address the same subject in a long document. As a blogger who is fast approaching 1,000 posts since early 2013 (and who posted earlier on a Honeywell blog), I can vouch that this is true. My shorter posts are almost always more memorable than my longer ones.

When Deborah Radcliff, a noted cybersecurity author and speaker, asked to interview me in a podcast, I suggested that I would address the distribution and use of software bills of materials (SBOMs) – specifically, the reasons why, even though an Executive Order mandating that federal agencies request SBOMs from their software suppliers went into effect last summer, they’re still hardly being distributed to, or utilized by, user organizations whose primary business isn’t software development.

We taped the podcast, but afterwards she told me – and I agreed with her – that what I’d said was too “rambling” to make into a focused podcast. She proposed to work with me to write a document of only 1200 words (the limit for one or two organizations with which she works), on the same topic. I readily agreed to that, since – believe it or not – I have learned over the years how to write a short, cogent post.

Here is the post we wrote. I think it states very well what I was trying to say and I’m sure that, if I had twice as much space available to me, I would have written a document that was only half as cogent. I’d love to see your comments.

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.
