Software Bill of Materials
Please join the Energy Sector SBOM Proof-of-Concept bi-weekly meetings.
Meetings are held on alternating Wednesdays, 12 PM – 1 PM EST.
Participants will continue to receive email invitations as we progress.
TO BE ADDED TO MEETING INVITATIONS, PLEASE EMAIL:
MAY 18, 2022
Discuss exercises and feedback from the S4x22 conference session; CISA working group updates and CycloneDX announcements.
MARCH 16, 2022
Energy Sector Software Bill of Materials discussion: survey results of software bill of materials transports.
FEBRUARY 16, 2022
A review of SBOM activities from the past year and a preview of discussion opportunities and the path ahead for 2022.
DECEMBER 1, 2021
A retrospective analysis of the past year of Energy SBOM work and brainstorming for the year ahead.
NOVEMBER 17, 2021
A detailed walkthrough of the SBOM elements within the Juicebox open source product.
NOVEMBER 3, 2021
Cooking Class: Presented by Tim Walsh of the Mayo Clinic
OCTOBER 20, 2021
Cooking Show: Dr. Allan Friedman of CISA explains the concept and importance of the Vulnerability Exploitability eXchange (VEX) format for reporting the status of component vulnerabilities.
OCTOBER 6, 2021
Cooking Class: Thomas Steenbergen of Here.com discusses how the European auto industry is now using SBOMs in the SPDX format.
SEPTEMBER 21, 2021
Cooking Class: Steve Springett, leader of the OWASP CycloneDX project, demonstrates how to create an SBOM in that format.
SEPTEMBER 8, 2021
AUGUST 25, 2021
JULY 14, 2021
JUNE 30, 2021
Cooking Class: Jennings Aske of NY Presbyterian Medical Center and Jim Jacobson of Siemens Healthineers discuss lessons learned in the Healthcare SBOM PoC, which started in 2018 and continues today.
JUNE 16, 2021
JUNE 2, 2021
Agenda: To identify specific topics, use cases, and technology gaps the POC would like to focus on in the remainder of the calendar year. We will be using a tool called MURAL to allow the group to work together, and we will send an advance copy of the “board” for anyone for whom this technology will not work.
Attendees may be interested in this review of SBOM use cases, and the benefits across the ecosystem. We encourage you to review it before Monday’s meeting: NTIA SBOM Use Cases Roles and Benefits, 2019 [PDF]
MAY 19, 2021
The Project Charter captures high level planning information (scope, deliverables, assumptions, etc.) about the SBOM Proof of Concept effort.
NTIA Multi-stakeholder Process on Software Component Transparency Use Cases and State of Practice Working Group
Software is everywhere. Like steel and concrete, software increasingly plays a foundational role in a modern, connected society, and, as with those other building materials, how and with what ingredients it is created often matters. Software permeates banking, healthcare, utilities, emergency services, national defense, government systems, and the like. The software includes operating systems, firmware, and embedded systems within our gadgets, devices, IoT, and other machines. And just like these physical goods, the software has a supply chain that may need to be understood and managed by an organization dependent on that software.