CISA seeks input on software identification white paper to assist with future SBOM work

The Cybersecurity and Infrastructure Security Agency is asking for feedback on a software identification white paper and potential paths for new work that could intersect with ongoing Software Bill of Materials efforts.

“Software identification is a key facilitator of effective vulnerability management. Software identifiers are labels for specific versions of software that conform to a defined format. An identifier enables users to track software in relation to other information, such as known vulnerabilities, mitigations for vulnerabilities, lists of approved or...