Transparency in the Software Supply Chain: Making SBOM a Reality
===

:::info
- **Date:** Oct. 29th 10:20-11:00
- **Speaker:** Allan Friedman
- **Category:** Law & Policy - Main Track

> We can't buy a piece of candy without knowing its ingredients, or design and sell a piece of machinery without accounting for each nut and bolt. Yet, even as supply chain uncertainty has emerged as a top information security risk, there is limited visibility into the third party components on the software running on our networks, and little market incentive for software suppliers to actually track their third party dependencies. While there will be no single solution for all supply chain risks, all solutions start with transparency.
>
> This presentation will highlight the work done by an open, international effort to find consensus around the practice of sharing third party component use across the software supply chain. Stakeholders have documented how this can improve both security and quality for those who make, buy, and use software and software-based equipment, sketched out the basics of a minimum viable product, reviewed data formats, and even executed a proof-of-concept in the medical device sector. Moving forward, we will need even greater participation and community buy-in to promote awareness and adoption, as well as identifying further challenges that we can tackle together.
:::

- References:
  - [NTIA Software Component Transparency](https://www.ntia.gov/SoftwareTransparency)
  - [Software Bill of Materials: Progress toward transparency of 3rd party code](https://www.first.org/resources/papers/conf2019/SBoM_Friedman_Manion_FIRST2019_v5-compressed-min.pdf)

###### tags: `CODEBLUE2019`, `CODEBLUE`
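The abstract's core claim is that component transparency lets a software consumer answer "which of our products contain this third-party component?" and see where visibility stops. The following is an added illustration, not code from the talk or from the NTIA effort: a minimal SBOM modelled as a dependency graph with a transitive query and a check for dependencies the SBOM references but does not describe. The field names, identifiers and the sample entries are all assumptions constructed for this example.

```python
# Added example, not part of the CODE BLUE abstract or of the NTIA work:
# a minimal SBOM as a dependency graph, and the question transparency is
# meant to answer: "which of our products include component X?"
from collections import deque

# Constructed sample data. Field names (supplier, name, version, depends_on)
# and the identifier scheme are assumptions for this illustration only.
SBOM = {
    "acme:infusion-pump:2.1": {
        "supplier": "Acme Medical", "name": "infusion-pump", "version": "2.1",
        "depends_on": ["acme:pump-fw:2.1", "vendor:rtos:4.0"],
    },
    "acme:pump-fw:2.1": {
        "supplier": "Acme Medical", "name": "pump-fw", "version": "2.1",
        "depends_on": ["oss:libtls:1.2.3", "oss:libjson:0.9"],
    },
    "vendor:rtos:4.0": {
        "supplier": "RTOS Vendor", "name": "rtos", "version": "4.0",
        "depends_on": ["oss:libtls:1.2.3"],
    },
    "oss:libtls:1.2.3": {"supplier": "LibTLS Project", "name": "libtls",
                         "version": "1.2.3", "depends_on": []},
    # A dependency the supplier listed but did not describe: a visibility gap.
    "oss:libjson:0.9": {"supplier": "JSON Project", "name": "libjson",
                        "version": "0.9",
                        "depends_on": ["oss:compression-lib:UNKNOWN-VERSION"]},
}


def transitive_dependencies(sbom, root):
    """Return every identifier reachable from `root` (root itself excluded)."""
    seen, queue = set(), deque([root])
    while queue:
        current = queue.popleft()
        for dep in sbom.get(current, {}).get("depends_on", []):
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    return seen


def products_containing(sbom, component_id):
    """Top-level entries (nothing depends on them) that include `component_id`."""
    depended_on = {d for entry in sbom.values() for d in entry["depends_on"]}
    roots = [ident for ident in sbom if ident not in depended_on]
    return sorted(r for r in roots if component_id in transitive_dependencies(sbom, r))


def unresolved_dependencies(sbom):
    """Identifiers referenced as dependencies but absent from the SBOM itself."""
    referenced = {d for entry in sbom.values() for d in entry["depends_on"]}
    return sorted(referenced - set(sbom))
```

Running `products_containing(SBOM, "oss:libtls:1.2.3")` names the one product that transitively ships that library, and `unresolved_dependencies(SBOM)` lists what the SBOM cannot account for.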