Why Doesn't Software Get Sold With a List of Ingredients?Allan Friedman Details the 'Software Bill of Materials' Initiative
Just as consumers can look at a box of Twinkies and read a list of ingredients, so too should software makers provide users with a "bill of materials" explaining their composition, says Allan Friedman, director of cybersecurity initiatives at the U.S. National Telecommunications and Information Administration.
In a video interview with Information Security Media Group at RSA 2020, Friedman also discusses:
- The activities of NTIA;
- Details on the Software Transparency Project;
- The push to provide a Software Bill of Materials - aka SBOM - for all software components.
Friedman is the director of cybersecurity initiatives at NTIA, which part of the U.S. Department of Commerce, where he coordinates NTIA's multistakeholder processes, bringing together industry and the security community on issues such as vulnerability disclosure and IoT security. Previously, Friedman spent over 15 years as a noted security and technology policy expert, conducting research at Harvard's Computer Science Department, the Brookings Institution and George Washington University's Engineering School. In 2014, he co-authored Oxford Press's "Cybersecurity and Cyberwar: What Everyone Needs to Know."