- Oct 21, 2021 3:13 pm GMT
A House Bill (H.R. 4611) requiring Software Bill of Materials (SBOM) has passed the House with a vote of 412-2.
This bill requires a vendor to supply an SBOM for new and existing government contracts.
But that's not all, a vulnerability disclosure is also required:
certification that each item listed on the
submitted bill of materials is free from all known
vulnerabilities or defects affecting the security of the
end product or service identified in—
(A) the National Institute of Standards and
Technology National Vulnerability Database;
Fortunately there is a free to use, open-source solution which software vendors can freely use to communicate SBOM and Known Vulnerability Information required by this legislation to DHS and other software customers called the Vendor Response File XML Schema and Known Vulnerabilities Disclosure Certification document available here.
No discussions yet. Start a discussion below.
Get Published - Build a Following
The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.