Commerce Dept Continues Work on Software Bill of Materials

Jeff Brody

The Department of Commerce has created a Software Bill of Materials that details the origins of components used in developing software for applications such as internet-of-things technology, FCW reported Wednesday.

Allan Freidman, director of cybersecurity at the National Telecommunications and Information Administration, said at the Black Hat conference in Las Vegas that the SBOM group is currently working on improving information sharing, identifying trusted sources for data storage and establishing ways to process such information.

Cheri Caddy, director of public-private partnerships at the National Security Agency, noted during a recent Atlantic Council event that vulnerable and risky software can be a major benefit to adversaries and malicious actors.

"The problem is we all make risk decisions on different bases, so what is red flags and alarm bells in the national security community in terms of risk might just yield a shrug from certain private-sector partners," she added.

Freidman and Caddy’s comments come as the government continues its oush to prohibit products from Chinese telecommunications firms Huawei and ZTE as well as Russian software company Kaspersky.

Check Also

NSA

NSA Warns of Cyber Vulnerability in Email Transfer Software

The National Security Agency has identified a vulnerability that Russian cyber actors take advantage of to attack mail transfer networks. Sandworm Team, a Russian military group, has exploited the CVE-2019-10149 vulnerability found in the Exim software that Linux and Unix systems use as a mail transfer agent, NSA said Thursday.