Richard Brooks
Co-Founder and Lead Software Engineer Reliable Energy Analytics LLC

Inventor of patent pending technology: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software and...

  • Member since 2018
  • Oct 14, 2021 7:14 pm GMT

Microsoft has announced a significant commitment to creating SBOMs. This is further proof that SBOM has already reached critical mass and software supply chain security is about to get a vaccination shot to detect and prevent malware, such as ransomware; it's called SBOM.

Software consumers of Microsoft products will soon have the ability to conduct a software risk assessment using SBOM, proactively, before any attempt to install or execute a software product or patch release. Today is a good day for cyber supply chain protections.

Discussions
Matt Chester on Oct 14, 2021

How do you see this trickling out to the utilities? 

Richard Brooks on Oct 15, 2021

Matt, that's a great question. One of the still unsettled areas of SBOM is "how to make it available to customers". The predominant delivery method is via HTTP download from an access-controlled customer portal, i.e. https://github.com/rjb4standards/REA-Products/raw/master/PowerShell-SBOM.spdx

As to when we will see the first Microsoft SBOM in the wild, I just don't know but I'm reasonably certain Microsoft will be ready to meet Executive Order 14028 requirements for software vendors selling to the Federal Government, which is sometime in the next 24 months.
