You shared this previously https://insidecybersecurity.com/share/14118
I think that's a significant reason. And even as a proponent / agitator of SBOMs myself, I find the arguments they lay out compelling as we sit right now.

On Fri, Dec 16, 2022 at 4:33 PM Dick Brooks <[email protected]> wrote:

> Eliot,
>
> I’m not familiar with the GSA work you mention. Can you provide a pointer to GSA documents indicating that SBOMs are required?
>
> I’ve seen where SBOMs are required in the Department of State Evolve RFP.
>
> Also, why would ITI and others be lobbying Congress to have SBOM removed from the NDAA, as the linked article indicates?
>
> There must be a reason. I suspect it’s because Congress creates laws, and the NDAA law makes SBOM a legal requirement.
>
> Thanks,
>
> Dick Brooks
>
> *Active Member of the CISA Critical Manufacturing Sector,*
> *Sector Coordinating Council – A Public-Private Partnership*
>
> *Never trust software, always verify and report! <https://reliableenergyanalytics.com/products>* ™
>
> http://www.reliableenergyanalytics.com
> Email: [email protected]
> Tel: +1 978-696-1788
>
> *From:* [email protected] <[email protected]> *On Behalf Of* Eliot Lear
> *Sent:* Friday, December 16, 2022 4:13 PM
> *To:* [email protected]
> *Subject:* Re: [spdx] Congress is considering removing the SBOM provision from the NDAA Bill now before Congress
>
> Why? GSA is already specifying SBOMs. And is the list to encourage congressional lobbying?
>
> On 16.12.22 20:38, Dick Brooks wrote:
>
> FYI:
>
> Please get the word out to restore the SBOM provision in the NDAA.
>
> “I don't see why any member of Congress would want to hamstring their own cybersecurity professionals from monitoring and mitigating software vulnerabilities that are detectable using an SBOM. Members of Congress please help your own cybersecurity professionals that work so hard to keep you and your districts safe from hacker attacks. Restore the SBOM provision in the NDAA.”
>
> https://energycentral.com/c/pip/industry-objections-spur-changes-cybersecurity-provisions-defense-bill%C2%A0%C2%A0
>
> Thanks,
>
> Dick Brooks
