CISA releases paper offering transparency guidance for software-as-a-service environments

The Cybersecurity and Infrastructure Security Agency has released guidance on how a Software Bill of Materials can be used to provide transparency into software components when working with third party suppliers in a software-as-a-service environment, developed by a community-led working group focused on cloud and online applications.

“While there has been extensive work produced on the benefits of software transparency in packaged software, there remains ambiguity regarding how software transparency can be achieved for SaaS,” the May 20 paper...