Yesterday the National Telecommunications and Information
Administration (NTIA) published a notice in the Federal Register (83 FR 26434-26436)
announcing a meeting of a multi-stakeholder process on promoting software component transparency on July 19th,
2018 in Washington, DC.
The Meeting
NTIA intends for this to be the first of a series of
meetings to address this issue. As such, the objectives for
this first meeting include:
• Share the perspectives and concerns of both the vendor and enterprise customer communities;
• Discuss and acknowledge what is already working;
• Explore obstacles and challenges for greater transparency and better risk decisions;
• Identify promising areas of potential collaboration;
• Engage stakeholders in a discussion of logistical issues, including internal structures such as a small drafting committee or various working groups, and the location and frequency of future meetings; and
• Identify concrete goals and stakeholder work following the first meeting.
This meeting will be open to the public on a first-come,
first-served basis, but there will be limited seating. The meeting will be
webcast. Information on the webcast will be made available on the Software Transparency
web site (note: the link in the FR notice is incorrect).
Commentary
The notice provides an excellent discussion
about the importance of being able to identify 3rd party components of
software packages. This is a problem that I have pointed out on a number of occasions
(see here
for example) in relation to 3rd party vulnerabilities in industrial
control system products. This should be an interesting discussion.