JUL 09, 2020 | US
Software Industry Leader: More Work Needed on Taxonomy to Make NTIA Initiative Successful
Inside Cybersecurity, July 9, 2020
By Sara Friedman
A Commerce Department-led initiative to develop a common software component vulnerability framework is still a work in progress, says BSA | The Software Alliance leader Tommy Ross, and more development is needed to mature the project before it can widely adopted by agencies and industry.
The most valuable components of the SBOM will be the “naming conventions” which are “the ways vendors or developers will have to communicate to users of components downstream [how] they have potentially mitigated some of the risks that may be associated with components because of SBOM,” Ross said. Developing the nomenclature is ongoing.
BSA | The Software Alliance wants to build “a clear understanding among users of what the SBOM is and what it is not,” and to figure out “what aspects of software security that SBOM is useful in addressing and the remaining areas of security that SBOM doesn't cover,” Ross said.
“SBOM isn't going to be a stand-in for software security as a whole,” he said. “It is one potential tool that may be useful in addressing third party components, hopefully their integration in a security manner and their upkeep and maintenance. But it is no substitute for a broader secure development lifecycle and in fact needs to live within a broader secure lifecycle in order to be effective.”
Original Posting: https://insidecybersecurity.com/share/11412
소프트웨어 연합(BSA | The Software Alliance, 이하 BSA)(www.bsa.org)은 각국 정부를 대상으로 세계 시장에서 전 세계 소프트웨어 업계를 대변하고 옹호하는 선도적 연합체입니다. 세계의 가장 혁신적 기업들이 회원사로 참여하며 경제에 활기를 불어 넣고 현대의 생활을 향상시키는 소프트웨어 솔루션을 만들어 내고 있습니다.
워싱턴 DC에 본부를 두고, 30개국이 넘는 국가들에서 운영되는 BSA는, 합법적 소프트웨어 사용을 증진시키고 기술 혁신을 촉진하며 디지털 경제의 성장을 추진하는 공공 정책을 지지하는 준법 프로그램들을 선도합니다.