A Commerce Department-led initiative to create a safer software ecosystem has made significant strides since it launched less than a year ago, according to an agency official.
The National Telecommunications and Information Administration’s work on software component transparency kicked off in July 2018 when it announced it was convening a multistakeholder group to develop more transparency of software components.
Since last summer, the group has agreed there needs to be a “software bill of materials” that lists the various components that make up software - similar to the list of ingredients found on food products, said Allan Friedman, NTIA’s director of cybersecurity initiatives in the Office of Policy Analysis and Development.
“We’re excited to report that a great deal of progress has been made since the effort started eight months ago,” he said in an April 8 post on NTIA’s blog. “The goal is to increase transparency around the use of third party software components so that when vulnerabilities are detected, there is a way to quickly remedy problems.”
The group is now exploring how a software bill of materials would work and what the future can look like if it’s implemented across the internet, Friedman said. It will hold its fourth multistakeholder meeting April 11 to discuss further.