
Richard Brooks
Co-Founder and Lead Software Engineer Reliable Energy Analytics LLC

Inventor of patent pending technology: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software and...

  • Mar 28, 2021 9:00 pm GMT

Federal Government agencies, Energy Companies and other critical infrastructure operators will be looking to utilize SBOMs in software supply chain risk assessments when the new executive order (see the Reuters link below) is published shortly. Testing can begin now with either the SPDX tag/value or the CycloneDX XML SBOM format; both are supported in NTIA's SBOM initiative. Energy Central hosted a PowerSession on best practices for software supply chain risk assessments that contains some very useful information for parties interested in using SBOMs. The session is available on demand.

This PowerSession clearly shows the benefits that SBOMs provide NOW as part of a software supply chain risk assessment. The bad guys will continue to exploit opportunities to cause harm; we must implement defensive tactics today to prevent them from succeeding. Requesting that software vendors provide an SPDX tag/value or CycloneDX XML SBOM (formats that are available and implemented in tools today) with each software release, including patches, and using it in a software supply chain risk assessment before any attempt to install a software package, is a prudent and beneficial defense that is available NOW to help identify, detect and mitigate software supply chain risks. Waiting for the perfect SBOM to arrive will only give the bad guys more opportunity to attack, knowing that victims are not putting to good use the defensive measures that are available NOW with today's SBOMs and tools.
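As an added illustration of that pre-install check (example code written for this post, not part of the original article or of any vendor's tool), the Python below reads both SBOM formats named above into one component list and refuses an artifact whose hash does not match what the SBOM declares; the SBOM contents, package names and checksum are constructed sample data.

```python
import hashlib
import re
import xml.etree.ElementTree as ET

# Constructed sample SBOMs for a fictional vendor package (not real data).
SPDX_TV = """SPDXVersion: SPDX-2.2
PackageName: libwidget
PackageVersion: 1.4.2
PackageChecksum: SHA256: 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
PackageName: zlib
PackageVersion: 1.2.11
"""
CDX_XML = """<bom xmlns="http://cyclonedx.org/schema/bom/1.3" version="1"><components>
<component type="library"><name>libwidget</name><version>1.4.2</version>
<hashes><hash alg="SHA-256">9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08</hash></hashes>
</component>
<component type="library"><name>zlib</name><version>1.2.11</version></component>
</components></bom>"""
NS = {"b": "http://cyclonedx.org/schema/bom/1.3"}

def parse_spdx_tag_value(text):
    """Each PackageName tag opens a new record; later Package* tags fill it in."""
    pkgs = []
    for m in re.finditer(r"^(\w+):[ \t]*(.*)$", text, re.M):
        tag, val = m.group(1), m.group(2).strip()
        if tag == "PackageName":
            pkgs.append({"name": val, "version": None, "sha256": None})
        elif pkgs and tag == "PackageVersion":
            pkgs[-1]["version"] = val
        elif pkgs and tag == "PackageChecksum" and val.startswith("SHA256:"):
            pkgs[-1]["sha256"] = val.split(":", 1)[1].strip().lower()
    return pkgs

def parse_cyclonedx_xml(text):
    """Same record shape from CycloneDX <component> elements (SHA-256 hash only)."""
    pkgs = []
    for c in ET.fromstring(text).findall(".//b:component", NS):
        h = c.find("b:hashes/b:hash[@alg='SHA-256']", NS)
        pkgs.append({"name": c.findtext("b:name", namespaces=NS),
                     "version": c.findtext("b:version", namespaces=NS),
                     "sha256": h.text.strip().lower() if h is not None else None})
    return pkgs

def verify_artifact(pkgs, name, data):
    """Pre-install gate: the delivered bytes must hash to the SBOM-declared SHA256.
    Fails closed when the package is unlisted or carries no checksum."""
    sha = {p["name"]: p["sha256"] for p in pkgs}.get(name)
    if sha is None:
        return False, "package missing from SBOM or has no checksum"
    digest = hashlib.sha256(data).hexdigest()
    return digest == sha, digest
```

Both parsers produce the same records, so the same gate can be applied whichever format a vendor ships.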

Never trust software, always verify and report!
