Is There Really an SBOM Mandate?
338 | Thu 31 Jul 2 p.m.–2:45 p.m.
Presented by
Bradley M. Kuhn is the Policy Fellow at Software Freedom Conservancy (SFC). Kuhn began his work in the software freedom movement in 1992, as an early adopter of Linux systems and a contributor to various FOSS projects, including Perl. Kuhn was FSF’s Executive Director from 2001–2005, served as SFC’s primary volunteer from 2006–2010, and became SFC's first staff person in 2011. Kuhn's work focuses on enforcement of the GPL agreements, FOSS licensing policy, and infrastructural solutions for FOSS.
Abstract
A consistent mantra of the Software Bill Of Materials (SBOM) ballyhoo is
that various government entities around the world have mandated SBOMs in
various different places. From USA POTUS Executive Orders, to EU Directives,
to USA NIST whitepapers — it's often been repeated that these various
sources mandate SBOMs as a mandatory requirement.
Let's look at the source material and find out what these various orders and
directives actually say, and figure out what's really mandated.