On October 20, 2021, the Department of Homeland Security (DHS) Software Supply Chain Risk Management Act of 2021 was passed by the U.S. House of Representatives [1]. With its passing, the Under Secretary for Management is now required to issue department-wide guidelines for identifying materials used in software development, such as a Software Bill of Materials (SBOM). These new guidelines will work to modernize the DHS acquisition process and strengthen cybersecurity by requiring DHS contractors to submit SBOMs identifying the origins of each component in the software provided to the agency.

Cybeats in Forbes

Award-winning cybersecurity and technology thought leader Chuck Brooks recently penned an article for Forbes Magazine titled "Bolstering Cybersecurity Risk Management with SBOMS" [2]. In the article, Brooks writes that companies and organizations cannot fully protect digital assets unless they know what software applications are connected to their enterprise networks and devices, and that SBOMs can significantly improve the transparency and accountability of such assets. Mr. Brooks is consistently ranked as one of the top cybersecurity influencers in the world [3].

In the article, Brooks called on Cybeats' own Chief Technology Officer and renowned expert on SBOMs, Dmitry Raidman, to explain the importance of and growing demand for cybersecurity software standards, and how SBOMs are critical for tracking and transparency.

"Once you know precisely what inputs are used in your software, you can get a clear vision of the risk factor each specific bill of materials introduces to your environment when it runs," said Dmitry Raidman, Chief Technology Officer, Cybeats. "What's more, the security risk can change whether or not something in the software bill of materials changes since new vulnerabilities are discovered on a daily basis. The only way to know if you are affected is by having this level of transparency provided by a SBOM."

Regulatory Developments

In May 2021, the White House issued Executive Order (EO) 14028 to strengthen cybersecurity in the US, including enhancing software supply chain security. Also in May 2021, concurrently with the EO, the National Telecommunications and Information Administration (NTIA) issued a notice for public comment as part of its mandate to publish a list of minimum elements for an SBOM. NTIA proposed a definition of the "minimum elements" of an SBOM that builds on three broad, inter-related areas: data fields, operational considerations, and support for automation [4]. Most recently, in October 2021, the DHS Software Supply Chain Risk Management Act of 2021 was passed by the U.S. House of Representatives [5].

