Allan Friedman, PhD
Director of Cybersecurity Initiatives, National Telecommunications and Information Administration
Department of Commerce
The first step to better security in the software supply chain is understanding what we have. All modern software is built on smaller components. A "software bill of materials" (SBOM) tracks those underlying components, enabling better development, risk management, vulnerability management, and incident response. This presentation will summarize the international, cross-sector work convened by NTIA to establish the technical and operational basics of SBOMs to enable further supply chain security work.