Federal SBOM mandate opposed by big tech vendors

The U.S. Office of Management and Budget has been urged by the Information Technology Industry Council, a trade group that includes Microsoft, Amazon, Intel, and Palo Alto Networks as members, to discourage software bill of materials requirements from federal agencies amid the lacking maturity of SBOMs, reports SecurityWeek. The ITI argued in its letter to the OMB that SBOMs are not yet fit as contract requirements due to the variations of quality, complexity, and completeness found in SBOMs created using existing industry tools. Moreover, implementation challenges pertaining to naming, identification, delivery and access, scalability remain. "These challenges make it difficult to effectively deploy and utilize SBOMs as a tool to foster transparency. The SBOM conversation needs more time to mature and move towards a place where SBOMs are scalable and consumable," said the ITI. Mandated SBOM was initially included in President Joe Biden's cybersecurity executive order last May, with the Commerce Department's National Telecommunications and Information Administration being in the forefront of advancing the mandate.