Enable javascript in your browser for better experience. Need to know to enable it? Go here.
Published : Oct 27, 2021
Oct 2021
Assess ? Worth exploring with the goal of understanding how it will affect your enterprise.

In May 2021, the U.S. White House published its Executive Order on Improving the Nation's Cybersecurity. The document puts forward several technical mandates that relate to items we've featured in past Radars, such as zero trust architecture and automated compliance scanning using security policy as code. Much of the document is devoted to improving the security of the software supply chain. One item in particular that caught our attention was the requirement that government software should contain a machine-readable Software Bill of Materials (SBOM), defined as "a formal record containing the details and supply chain relationships of various components used in building software." In other words, it should detail not just the components shipped but also the tools and frameworks used to deliver the software. This order has the potential to usher in a new era of transparency and openness in software development. This will undoubtedly have an impact on those of us who produce software for a living. Many, if not all software products produced today contain open-source components or employ them in the build process. Often, the consumer has no way of knowing which version of which package might have an impact on the security of their product. Instead they must rely on the security alerts and patches provided by the retail vendor. This executive order will ensure that an explicit description of all components is made available to consumers, empowering them to implement their own security controls. And since the SBOM is machine-readable, those controls can be automated. We sense that this move also represents a shift toward embracing open-source software and practically addressing both the security risks and benefits that it provides.

Radar

Download Technology Radar Volume 25

English | Español | Português | 中文

Radar

Stay informed about technology

 

Subscribe now

Visit our archive to read previous volumes