The value of transparency around the use of third-party software components is becoming increasingly apparent. Understanding what our software is made of helps those who build software, those who buy it, and those who operate it. The increasingly popular idea of a 'software bill of materials' (SBOM) can drive real change. Yet risk aversion, culture, and inertia are obstacles to broader adoption across the global software ecosystem, in both the open source and the commercial world. Government regulation is probably not the answer, but industry-wide and international coordination can play a key role in promoting transparency. This presentation shares two different perspectives on the gaps in SBOM adoption, and on how two very different organizations (NTIA in the US and JPCERT/CC in Japan) are helping to establish transparency. We will highlight the broader social benefits identified from software transparency and SBOM use, and the roles of coordinators in our respective countries. We will also identify the obstacles and gaps that the two countries share, those that differ, and the strategies for bridging them.
---
Dr. Allan Friedman is Director of Cybersecurity at the National Telecommunications and Information Administration in the US Department of Commerce. He coordinates NTIA’s multi-stakeholder processes on cybersecurity, convening cross-sector working groups with a focus on resilience in a vulnerable ecosystem.
Tomo Ito has been working as a vulnerability information coordinator at JPCERT/CC for four years. His current focus includes international collaboration on vulnerability coordination topics with organizations around the globe.