Participants in NTIA’s software security multistakeholder effort made significant progress this year, publishing the first set of community-drafted documents to offer guidance around the practice of a software bill of materials (SBOM). The SBOM functions as a “list of ingredients” for software that can help organizations keep track of the underlying components that make up almost all software today.
We are excited that the broader community is already using these resources, and we’re looking forward to refining the concept at the technical level. During the most recent meeting in November, the community agreed to continue their work in 2020, with a focus on making transparency an easy-to-use feature of the software marketplace.
Moving forward, in four parallel work streams, stakeholders plan to: