The Department of Commerce has created a Software Bill of Materials that details the origins of components used in developing software for applications such as internet-of-things technology, FCW reported Wednesday.
Allan Friedman, director of cybersecurity at the National Telecommunications and Information Administration, said at the Black Hat conference in Las Vegas that the SBOM group is currently working on improving information sharing, identifying trusted sources for data storage and establishing ways to process such information.
Cheri Caddy, director of public-private partnerships at the National Security Agency, noted during a recent Atlantic Council event that vulnerable and risky software can be a major benefit to adversaries and malicious actors.
"The problem is we all make risk decisions on different bases, so what is red flags and alarm bells in the national security community in terms of risk might just yield a shrug from certain private-sector partners," she added.
Friedman and Caddy’s comments come as the government continues its push to prohibit products from Chinese telecommunications firms Huawei and ZTE as well as Russian software company Kaspersky.