SBOM's going mainstream - Biden Cybersecurity EO

Kate Stewart

Last night Biden signed Executive Order (EO) on Improving the Nation’s Cybersecurity.
As part of this Executive order the concept of SBOM is getting widespread visibility.

If the question comes up please help reinforce that SPDX is a valid recognized SBOM format.
NTIA has recognized 3 SBOM formats able to satisfy the minimum viable requirement for an SBOM, and SPDX is one of them. Current details are available from the last NTIA formats and tooling quarterly checkpoint last month. Also, last month NTIA hosted a plugfest, and all but one, tool was able to create an SPDX SBOM.

The NTIA community has been key to getting SBOM in this EO.  Some of you will remember Allan Friedman from NTIA's presentation to our group last year, as well as Ed Heierman from the HealthCare PoC on what they found using SPDX, so it's very exciting to see this emerge.


Join to automatically receive all group messages.