Software Bill of Materials (SBOM) – Allan Friedman – ASW #88
Allan Friedman is the Director of Cybersecurity Initiatives of NTIA (National Telecommunication and Information Administration) US Dept of Commerce. The problem: unknown software supply chain. Following a newly identified software risk, very few firms can answer the simple question: Am I affected? An overview of the solution: what is an SBOM, and how is it used. Where we are: some background on why the govt is doing this, the results thus far, and where we are going next. Potential to discuss regulation, govt policy, etc.
Guest
Dr. Allan Friedman is Senior Advisor and Strategist at the Cybersecurity and Infrastructure Security Agency. He coordinates the global cross-sector community efforts around software bill of materials (SBOM) and related vulnerability initiatives, and works to advance their adoption inside the US government and around the world. He was previously the Director of Cybersecurity Initiatives at NTIA, leading pioneering work on vulnerability disclosure, SBOM, and other security topics.
Prior to joining the Federal government, Friedman spent over a decade as a noted information security and technology policy scholar at Harvard’s Computer Science department, the Brookings Institution, and George Washington University’s Engineering School. He is the co-author of the popular text “Cybersecurity and Cyberwar: What Everyone Needs to Know,” has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University. He is quite friendly for a failed-professor-turned-technocrat.