CISA official highlights regulatory actions on SBOM at federal agencies ahead of software transparency community event

Ongoing work to establish standards for Software Bill of Materials should not deter regulatory agencies from making it a requirement, according to CISA’s Allan Friedman, who spoke with Inside Cybersecurity ahead of a “SBOM-a-Rama” event on Thursday that will bring together stakeholders across the ecosystem for updates on ongoing workstreams.

“We’re doing a disservice to the software ecosystem if we don’t start thinking about transparency” in a regulatory context, Friedman said.

Friedman said the Cybersecurity and Infrastructure Security Agency is...