(CS)²AI Online™ Seminar: ICS Supply Chains: SBOM Sharing Gets Interesting
Software Bills of Materials (SBOMs) have become the default method of enunciating the contents of applications. To date SBOMs have been created in small volumes and typically only shared directly between software vendors and their customers. To facilitate the sharing of SBOM data across the pertinent operational areas of complex supply chains, a more sophisticated means of implementing controls has been necessary.
The public/private CISA SBOM Sharing Working Group has developed a taxonomy to describe the more complex movement of SBOMs needed to leverage this source of inventory information. In this session, the co-chair of this working group will explain the three Actors defined in the SBOM Sharing Roles and Considerations document published this month (March, 2024) on the CISA website.
An SBOM Author creates a given SBOM and sets the Discovery, Access, and Transport (see CISA SBOM Sharing Lifecycle publication, 2023) methods and permissions necessary to make this SBOM available. An SBOM Consumer creates the need to share a given SBOM and defines the Discovery, Access, and Transport they will accept. An SBOM Distributor is any entity which must respond to requirements to share SBOMs they did not create and are not directly using (think ISACs, integrators, service providers, ...) while ensuring the requirements of all parties are maintained.
Takeaways:
An understanding of the considerations when acting as an SBOM Author, SBOM Distributor, or an SBOM Consumer and how these may affect your related duties and concerns.
Insight into the advantages and challenges of this new flow of intelligence.
Speaker: Chris Blask, VP Strategy, Cybeats, Chair of ICS-iSAC, Author, Speaker, Ponderer of Inevitability Curves, and CS2AI Founding Fellow
https://www.linkedin.com/in/chrisblask/
Reserve your seat - register now!
## All past seminars and symposiums are available to paid CS2AI.ORG members. Check out the Resources area of our website in the Members Portal https://www.cs2ai.org/
## Becoming a paid member is easy. Join now! https://www.cs2ai.org/plans-pricing
## Certificates for Professional Development/Continuing Education Units (PDUs/CEUs) are available for all registered individuals who attend at least one hour of the event.
## If you're interested in speaking at a future (CS)2AI event, having your organization become a Strategic Alliance Partner, or engaging in any of the other ways available, please contact us on our https://www.cs2ai.org/get-involved
## Please note that (CS)2AI ONLINE events are provided free of charge as educational career development content through the support of our paid members and the generous contributions of our corporate Strategic Alliance Partners. Contact information used in registering for our directly supported seminars may be shared with sponsors funding those specific events. Unless noted on the Gotowebinar registration page, all events are open for direct funding support.
