SBOMs are seen as security enhancements by the Biden administration

Hello, and welcome to Protocol Enterprise! Today: why calls for more software transparency could help improve security and could create more jobs, the most carbon-heavy data center regions and this week in business transitions.

What’s in your software?

Hey, remember the mad scramble of cybersecurity teams in the wake of the critical Log4Shell vulnerability back in December?

If so, you’re probably aware of the security risks of the software supply chain — and also that there is no easy fix.

  • But many in the security community hope that improved transparency around software components, through the use of a so-called “software bill of materials,” will go a long way.
  • An SBOM is simply a text file that lists the components used to build a piece of software, often compared to a list of ingredients on a package of food.
  • SBOMs can have a range of applications for reducing cyber risk, advocates say. The most commonly cited use is to help a customer quickly identify where they are running vulnerable software components — particularly open-source components.

However, the software tools needed to analyze SBOMs in bulk and extract insights from the data largely do not exist yet.

  • At least in the first stage, an SBOM also cannot be automatically linked to vulnerability information.
  • More tools for making practical use of SBOMs are expected to come once more SBOM data is produced.
  • That will likely be driven, at least initially, by the federal government and its tens of billions of dollars in annual IT spending.
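To make the two points above concrete (an SBOM is a component list, and linking it to vulnerability data is still a manual or tool-assisted step), here is an added example of the kind of matching such tooling performs. It is not code from the original story or from any SBOM project; the SBOM is a small constructed CycloneDX-style JSON document, and the advisory feed, its identifiers and version ranges are all hypothetical. It matches each component by group and name and flags it when its version falls inside an advisory's affected range.

```python
import json

# Constructed CycloneDX-style SBOM (sample data, not taken from any real product).
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "group": "org.apache.logging.log4j",
         "name": "log4j-core", "version": "2.14.1"},
        {"type": "library", "group": "com.fasterxml.jackson.core",
         "name": "jackson-databind", "version": "2.13.4"},
        {"type": "library", "group": "org.example",
         "name": "widget-lib", "version": "1.0.0"},
    ],
})

# Constructed advisory feed: hypothetical IDs and ranges for illustration only.
# "introduced" is inclusive, "fixed" is exclusive, mirroring how many feeds express ranges.
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "introduced": "2.0.0", "fixed": "2.15.0"},
    {"id": "ADV-EXAMPLE-0002", "group": "org.example", "name": "widget-lib",
     "introduced": "1.0.0", "fixed": "1.0.1"},
    {"id": "ADV-EXAMPLE-0003", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
     "introduced": "2.0.0", "fixed": "2.12.0"},
]


def parse_version(version):
    """Turn '2.14.1' into (2, 14, 1) so that 2.9 < 2.10 compares numerically, not as text.

    Non-numeric suffixes such as '2.1.0-rc1' are truncated at the first non-digit.
    Missing fields are padded with zeros so tuples of different length compare sanely.
    """
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def in_affected_range(version, introduced, fixed):
    """True when introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def load_components(sbom_json):
    """Extract (group, name, version) triples from a CycloneDX-style JSON SBOM."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return [(c.get("group", ""), c["name"], c["version"]) for c in doc.get("components", [])]


def match_advisories(sbom_json, advisories):
    """Return one finding per (component, advisory) pair whose version is in the affected range."""
    findings = []
    for group, name, version in load_components(sbom_json):
        for adv in advisories:
            if adv["group"] != group or adv["name"] != name:
                continue
            if in_affected_range(version, adv["introduced"], adv["fixed"]):
                findings.append({
                    "component": f"{group}:{name}@{version}",
                    "advisory": adv["id"],
                    "fixed_in": adv["fixed"],
                })
    return findings


if __name__ == "__main__":
    for finding in match_advisories(SAMPLE_SBOM, SAMPLE_ADVISORIES):
        print(f"{finding['component']}  affected by {finding['advisory']}  (fixed in {finding['fixed_in']})")
```

Run as-is it reports log4j-core and widget-lib and leaves jackson-databind alone, since 2.13.4 is past that hypothetical advisory's fix version. The design choice worth noting is the numeric version tuple: a naive string comparison would rank "2.9.0" above "2.10.0" and silently miss affected components, which is exactly the kind of defect that makes bulk SBOM analysis harder than it looks.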

Ever since President Biden’s executive order in May 2021, which established SBOM as a key initiative for national cybersecurity, many software companies have hoped that SBOMs will become a requirement in federal contracts.

  • The White House Office of Management and Budget is likely to soon issue a memo to federal agencies detailing how to include SBOMs in the contracting process, cybersecurity policy watchers told me.
  • At this point, many commercial and open-source tools exist for generating SBOMs, and the basics of the concept are “reasonably well understood,” according to Allan Friedman, who leads the SBOM initiative at CISA.
  • And while SBOM will need time to fully mature, the important thing is to start with what’s ready now and build from there, Friedman told me.

“To leave security [where software] is a black box thinking about the broader supply chain — that takes a while, especially with the federal government,” he said. “But it’s a priority.”

Read the full story here.

— Kyle Alspach


A clean cloud can be difficult to find

Cirrus Nexus set out to recommend regions with the least carbon-intensive data centers, due to questions from its clients about where to locate workloads to reduce their climate impact. But, in the words of CEO and co-founder Chris Noble, there’s “not a simple answer.”

While regions that rely more on solar, wind, hydro and nuclear power tend to have the lowest carbon intensity, that measure varies greatly; when the sun doesn’t shine or the wind doesn’t blow, many regions turn to fossil fuels as a fallback. (Carbon intensity measures the amount of carbon dioxide emitted per unit of electricity generated.)

While places like California and France, which rely heavily on renewable and nuclear energy, respectively, tend to have the lowest carbon intensity, the nature of the energy transition makes other regions difficult to evaluate. Cirrus Nexus emphasized the importance of increasing energy storage to resolve these inconsistencies.

However, Noble said companies that buy cloud computing services have historically had a blind spot for emissions associated with data center operations. Ultimately, he said, the carbon intensity of cloud operations is a function of what customers demand. If they suddenly tell providers they’re going elsewhere unless the provider reduces its carbon intensity, Noble said there could be a rush to power data centers with solar panels or storage.

– Lisa Martine Jenkins

Business moves

In the past week, American Airlines and Domo added new chief executives, Qualtrics and ServiceNow strengthened their boards of directors, and more.

Ganesh Jayaram is the new CIO of American Airlines. Jayaram was formerly CIO at John Deere.

Wendy Steinle joined Domo as chief marketing officer. Steinle previously held senior marketing roles at Adobe.

Pradheepa Raman has been named chief people officer at GlobalFoundries. Raman previously held leadership roles in human resources at Samsung Electronics and Avaya.

Paul Hager joins Ingram Micro as VP of services for the US. Hager was previously director of solutions for service provider Elevity IT.

Ali Salehpour, an SVP at Applied Materials, is leaving. Salehpour, who will retire effective January 2023, led the company’s services, display and flexible technology group.

Robin Manherz was appointed to Qualtrics’ board of directors. Manherz is currently chief operating officer of customer success at SAP.

Dennis Woodside has stepped down from the ServiceNow board of directors. Woodside is currently president of Impossible Foods and former COO at Dropbox.

— Aisha Counts

Around the enterprise

The hackers who compromised Twilio cast their nets wider than originally realized, successfully targeting more than 130 companies and organizations with the same attack.

Microsoft understands that cloud migration is difficult: It continues to make slow progress toward migrating Office 365 and Microsoft 365 to Azure, according to ZDNet, a process that will eventually take nearly a decade.

Workday beat Wall Street expectations for its second quarter and raised guidance for the upcoming quarter, another sign that enterprise software spending remains relatively steady for companies that are still growing.


Thanks for reading — see you tomorrow!
