Energy SBOM Meetings

September 21, 2022
A recording of DOE’s bi-weekly meetings on SBOMs.

August 17, 2022
Using CyTRICS program research to tell a “round-about” story of SBOMs.

June 15, 2022
An update to VEX vulnerabilities and some tricks for addressing them.

May 18, 2022
Discuss exercises and feedback from the S4x22 conference session; CISA working group updates and CycloneDx announcements.

March 16, 2022
Energy Sector Software Bill of Materials discussion: survey results of software bill of materials transports.

FEBRUARY 16, 2022
A review of SBOM’s activities from past year and preview of discussion opportunities and path ahead for 2022.

DECEMBER 1, 2021
A retrospective analysis of the past year of Energy SBOM work and brainstorming for the year ahead.

NOVEMBER 17, 2021
A detailed walkthrough of the SBOM elements within the Juicebox open source product.

NOVEMBER 3, 2021
Cooking Class: Presented by Tim Walsh of the Mayo Clinic

OCTOBER 20, 2021
Cooking Show: Dr. Allan Friedman of CISA explains the concept and importance of the Vulnerabilities Exploitability eXchange (VEX) format, for reporting the status of component vulnerabilities.

OCTOBER 6, 2021
Cooking Class: Thomas Steenbergen of Here.com discusses how the European auto industry is now using SBOMs in the SPDX format.

SEPTEMBER 21, 2021
Cooking Class: Steve Springett, leader of the OWASP CycloneDX project, demonstrates how to create an SBOM in that format.

SEPTEMBER 8, 2021

AUGUST 25, 2021

JULY 14, 2021

Additional resources:

• NTIA SBOM Minimum Elements Report
• The 2019 NTIA Healthcare SBOM POC
• The Roles and Benefits of SBOM Across the Supply Chain
• The NTIA SBOM FAQ

JUNE 30, 2021
Cooking Class: Jennings Aske of NY Presbyterian Medical Center and Jim Jacobson of Siemens Healthineers discuss lessons learned in the Healthcare SBOM PoC, which started in 2018 and continues today.

JUNE 16, 2021

JUNE 2, 2021

Agenda: To identify specific topics, use cases, and technology gaps the POC would like to focus on in the remainder of the calendar year. We will be using a tool called MURAL to allow the group to work together and we will send an advance copy of the “board” in case there are those for whom this technology will not work.

Attendees may be interested in this review of SBOM use cases, and the benefits across the ecosystem. We encourage you to review it before Monday’s meeting: NTIA SBOM Use Cases Roles and Benefits, 2019 [PDF]

May 19, 2021

The Project Charter captures high level planning information (scope, deliverables, assumptions, etc.) about the SBOM Proof of Concept effort.

Agenda:

• Review draft charter for Energy Sector SBOM POC
• Facilitated feedback and discussion around charter and mission
• Logistics and organization moving forward

NTIA Multi-stakeholder Process on Software Component Transparency Use Cases and State of Practice Working Group

November 2019

Introduction:

Software is everywhere. Like steel and concrete, software increasingly plays a foundational role in a modern, connected society and like those other building materials, how and with what ingredients the building materials are created often matters. Software permeates banking, healthcare, utilities, emergency services, national defense, government systems, and the like. The software includes operating systems, firmware, and embedded systems within our gadgets, devices, IoT, and other machines. And just like these physical goods, the software has a supply chain that may need to be understood and managed by an organization dependent on that software.