Part of Intelligent Utility® Network »

Digital Utility Group

The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 

Shared Link

Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft

Richard Brooks's picture
Richard Brooks
Co-Founder and Lead Software Engineer Reliable Energy Analytics LLC

Inventor of patent pending technology: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software and...

  • Member since 2018
  • 1,213 items added with 484,010 views
  • Oct 14, 2021 7:14 pm GMT
  • 193 views

Microsoft has announced a significant commitment to creating SBOM's. This is further proof that SBOM has already reached critical mass and software supply chain security is about to get a vaccination shot to detect and prevent malware, such as ransomware; it's called SBOM. 

Software consumers of Microsoft products will soon have the ability to conduct a software risk assessment using SBOM, proactively, before any attempt to install or execute a software product or patch release. Today is a good day for cyber supply chain protections.

Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft

Software Bills of Materials (SBOMs) are useful to producers and consumers of software, providing software transparency, software integrity, and software identity benefits. In this post, In this post, Adrian Diglio walks us through how Microsoft is plannin

Read More
Source: devblogs.microsoft.com
Richard Brooks's picture
Thank Richard for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member
Discussions
Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.
Matt Chester's picture
Matt Chester on Oct 14, 2021

How do you see this trickling out to the utilities? 

Richard Brooks's picture
Richard Brooks on Oct 15, 2021

Matt, that's a great question. One of the still unsettled areas of SBOM is "how to make it available to customers". The predominant deliver method is via http download from an access controlled customer portal, i.e. https://github.com/rjb4standards/REA-Products/raw/master/PowerShell-SBOM.spdx

As to when we will see the first Microsoft SBOM in the wild, I just don't know but I'm reasonably certain Microsoft will be ready to meet Executive Order 14028 requirements for software vendors selling to the Federal Government, which is sometime in the next 24 months.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »

Your access to Member Features is limited.

Apply for membership
Related Content
House approves bill to strengthen IT supply chain following SolarWinds hack
Assessing and Reducing Risk - NERC Security Working Group
Electric distribution reclosers can be cyber compromised to cause devastating wildfires
This software supply chain flaw killed 346 people
Recent Comments
Matt Chester
Matt commented on ...
RenuWell - Transforming up to 170,000 inactive oil wells into solar farms
Seems like a great opportunity to help re-job people in this community that will continue to be hit by the energy transition-- thanks for sharing...
Matt Chester
Matt commented on ...
Thank you to Energy Central and the Energy Central community
Thanks for always keeping these issues on the community's radar, Charley
Audra Drazga
Audra commented on ...
Thank you to Energy Central and the Energy Central community
Thank you Charley for all of your contributions! I look forward to seeing many more! 
Bob Meinetz
Bob commented on ...
RenuWell - Transforming up to 170,000 inactive oil wells into solar farms
David, here's a better idea - what about charging oil and gas companies for reclamation costs? That would be better than covering up the mess...