Software industry leader: Stakeholders should balance transparency expectations; vulnerability management needed

As the National Telecommunications and Information Administration’s work to introduce more transparency to software’s components draws plaudits from key policymakers, a representative of the software industry’s leading trade association says “parallel” efforts on vulnerability management are necessary to realize the benefits.

“I think people need to have the right set of expectations around what the [Software Bill of Materials] is and how it will fit into current and future cybersecurity efforts,” said Tommy Ross, senior director of policy for BSA...