I think there is some confusion about that letter. Nowhere does it say
that "SBOM is bad". The concern is that Congress would specify one way
of doing things, the military another, and DISA yet a third. In fact
the article specifically says:
OMB’s approach reflects a comprehensive government-wide approach that
is preferable to congressional mandates directed at one agency that
risk prematurely locking in technical and operational approaches for
the foreseeable future. Left unchecked, these varying mandates can be
expected to conflict in design and execution...
In my view, the issue is “when” and “how” not “if”.
Eliot
On 30.11.22 20:35, Dick Brooks wrote:
https://insidecybersecurity.com/share/14118
Wow, some people seem to think this “SBOM thing” looks like the
birthchild of communism and the black plague.
I don’t understand why people are so afraid of SBOM. It’s just a text
file. WAZZUP with that.
Allan, looking forward to seeing you on 12/7 at FERC. I filed my
testimony today which is very supportive of SBOM, as you can imagine.
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™ <https://reliableenergyanalytics.com/products>
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788
View/Reply Online (#4877): https://lists.spdx.org/g/Spdx-tech/message/4877