Chris DeRusha, US Federal CIO at OMB, mentions SBOM as part of the forthcoming CISA self-attestation form required under OMB M-22-18:

"The Secure Software Development Framework is a fantastic framework but when a company is going to attest specifically to the practices, we all have feeling it needs to be more specific about what those are, instructions, how to submit artifacts and how to treat SBOMs," DeRusha told reporters following his talk at the Information Security and Privacy Advisory Board meeting.

https://insidecybersecurity.com/share/14396

Thanks,

Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership
https://reliableenergyanalytics.com/products
Never trust software, always verify and report!™
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788

View/Reply Online (#5013): https://lists.spdx.org/g/Spdx-tech/message/5013
