Progress on Software Component Transparency
NTIA is hosting its fourth multistakeholder meeting April 11 on software component transparency to work on ways to enable a more secure software ecosystem. We’re excited to report that a great deal of progress has been made since the effort started eight months ago. The goal is to increase transparency around the use of third party software components so that when vulnerabilities are detected, there is a way to quickly remedy problems
The idea is that software developers and organizations can create and share a “software bill of materials” (SBOM) that lists the components that make up software – a concept somewhat similar to food ingredient lists for every product on grocery store shelves.
Since first beginning this work in July 2018, the group has reached broad consensus around the basic value of a software bill of materials. Several working groups are digging into the details of how this would work, and studying what a more secure future can look like if stakeholders widely adopt SBOM across the Internet ecosystem.