We’ll be pleased to welcome “professor-turned-technocrat” Allan Friedman, the Director of Cybersecurity at NTIA. He is at the center of NTIA’s effort to standard a software BOM and an SPDX fan. This is a great opportunity to understand this important work and where we fit. (Details on Allan and his talk below the agenda.)

GENERAL MEETING

Meeting Time: Thurs, April 2, 8am PT / 10 am CT / 11am ET / 15:00 UTC.  http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:

New dial in number: 415-881-1586

No PIN needed

The weblink for screenshare will stay the same at: 
http://uberconference.com/SPDXTeam

Administrative Agenda

Attendance

Minutes Approval:   

Guest Presentation – Allan Friedman

Technical Team Report – Kate/Gary

Legal Team Report – Jilayne/Paul/Steve

Outreach Team Report – Jack

Any Cross Functional Issues –All

 Concerns about software supply chain risks have garnered more attention and energy in the OSS community, industry, and governments around the world. One natural starting point is a greater expectation of transparency of software components and dependencies. Any solution must scale up and down the software supply chain, and across the incredibly diverse software ecosystem, from modern CI/CD application development to critical infrastructure and embedded systems. Over the past two years, NTIA has helped a diverse set of stakeholders find a common vision for a "software bill of materials" (SBOM) that has the potential to scale as needed, and serve as a foundation for even more innovation around software supply chain security and quality. The SPDX community has played a key role in this discussion, and emerged as a key standard. This presentation will give an overview of the policy landscape, the progress made, and the work yet to be done around SBOM. 

Allan Friedman is Director of Cybersecurity at National Telecommunications and Information Administration in the US Department of Commerce. He coordinates NTIA's multistakeholder processes on cybersecurity, focusing on addressing vulnerabilities in IoT and across the software world. Prior to joining the Federal Government, Friedman spent over 15 years as a noted InfoSec and tech policy scholar at Harvard's Computer Science Department, the Brookings Institution and George Washington University's Engineering School. He is the co-author of the popular text 'Cybersecurity and Cyberwar: What Everyone Needs to Know,' has a degree in computer science from Swarthmore College and a PhD in public policy from Harvard University, and is quite friendly for a failed professor-turned-technocrat.