NTIA to Host Proof-of-Concept Summit in Software Transparency Effort

Over the last two years, the National Telecommunications and Information Administration has been working to popularize and standardize a way for software consumers to make more informed decisions—with security in mind—and is planning an event for stakeholders to compare notes on how to get to the goal.


“The working group reviewed plans for an upcoming proof-of-concept summit, where we can bring together folks from different sectors, energy, finance, telecommunications, national security to sort of say here's how we've done it, here are some of the other ways that you could think about doing it, and create a space for folks to really think about it,” said Allan Friedman, NTIA’s director of cybersecurity initiatives. “That's something that NTIA is going to be working with our stakeholders to plan over the next few months.” 


The transparency project centers on what’s called a “software bill of materials,” which indicates where all the various code that goes into a product is derived from. Friedman spoke with Nextgov about how it came about and where it might lead.


“This is not a new idea, it's been a standard part of manufacturing for decades,” Friedman said. But times are changing, and industry standards haven’t kept up with the use of opaque software sourcing.


“If I buy, say a giant generator for my facility, it will come with a list of all the parts so that I know what the total cost of ownership and maintenance is going to look like,” Friedman said. “If I buy that generator today, it's going to be connected to the internet, it's going to have a lot of software, and we don't have the same visibility that we still need from a maintenance, support, and, of course, security perspective.”


Sof ..
