Wednesday, June 1, 2022

Review - CISA Announces SBOM Listening Sessions

Today, CISA published a meeting notice in the Federal Register (87 FR 33192-33193) for a series of four public listening sessions on “Advancing SBOM Technology, Processes, and Practices,” to be held over five days in July. According to today’s notice, these listening sessions “are intended to advance the software and security communities' understanding of SBOM creation, use, and implementation across the broader technology ecosystem.”

CISA is looking for information about SBOM topics in these listening sessions. They intend to facilitate discussions between interested parties. They specifically state that it is not currently their “intent to use information shared during listening sessions to directly address or inform any Federal policy decision.” While CISA intends to facilitate “effective and constructive collaboration”, it is not clear from the notice how these sessions relate to the ongoing work being done by NTIA on the SBOM issue.

All sessions will be held virtually. Sign-up and access information will be available at the CISA SBOM website (not up as of this morning).

 

For more details about these sessions, including a brief look at topics and schedule, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/cisa-announces-sbom-listening-sessions - subscription required.
