[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

3-T SBOM status



I want to update you on current status for our 3-T SBOM joint venture.


Core subgroup:

  • Last Wednesday at 12 Noon Pacific, the Core subgroup met. Key topics for the meeting were as follows:
    • Review guiding principles, how we work and how we resolve conflict. See document here.
    • First discussion of the ‘Document Author’ element here.
  • The next Core subgroup meeting is tomorrow 4/14 at 11 AM Pacific.
    • Tuesdays at 11 AM Pacific will be the ongoing weekly meeting time. Contact William Bartholomew <iamwillbar@github.com> if you didn’t receive an invitation and would like one.
    • This week’s agenda: continue discussion of the ‘Document Author’ element.


Full group meeting:

  • The full group meeting for this coming Wednesday 4/15 will cancelled. I will send a cancellation shortly.
  • Instead, many group members will be attending the NTIA SBOM virtual meeting (see attached meeting details).
  • The full group will meet again next Wednesday 4/22.


Let me know if questions.




--- Begin Message ---

Dear Stakeholders,


We are looking forward to next week's virtual meeting. A tentative agenda is attached. The connectivity details are below; thanks to CERT/CC for sharing their Zoom resources for this meeting.


Virtual Multistakeholder Meeting

April 15, 2020  12:30pm ET - 4:30pm ET

Zoom link: https://cmu.zoom.us/j/262075339?pwd=bDQyNmRGd29LTE5KNzJ0YlBYVFBUQT09

Meeting ID: 262 075 339

Password: 866236

One tap mobile dial-in: +16465189805,,262075339

International dial-in info:  https://cmu.zoom.us/u/aN97icOr


At the bottom of this email is also a set of questions to prompt thinking about the next steps in this process. The objective isn't to declare the current work complete, but to keep our focus on the longer term goals and start that conversation. If you can take a moment, please respond to some or all of the questions.


As always, don't hesitate to reach out with any questions,





From: Friedman, Allan
Sent: Friday, April 3, 2020 11:56 AM
To: Remaley, Evelyn <ERemaley@ntia.gov>
Cc: PRESS <PRESS@ntia.gov>
Subject: April 15 virtual SBOM meeting - topics and planning


Dear Stakeholders,


Thanks to all of you who have been so productive in the working groups, addressing the key hurdles standing in our way for greater software component transparency. We'll be checking in as a community on April 15 in a virtual meeting, from 12:30-4:30pm ET. We'll share and agenda logistical details shortly.


In the virtual meeting, we'll have a chance to hear updates from each of the four working groups on their progress, and expected outputs, as well as identify further issues to address.  


We will also begin a preliminary discussion on the longer term, and how to combine the ongoing work into some more concrete guidance for the broader software community. What can we give the leader or organization who wants to start on the SBOM path? To support that conversation, I'm going to ask you to please share any initial ideas you have in advance, so we can have a more organized discussion:

·         What would "guidance" or "best practices" or "playbooks" look like? What should we call them?

·         How general or specific should this be?

·         How should we balance the trade-off between being context-specific vs. the burden to produce too many specific sets of guidance?

·         What would the guidance-drafting process look like? How should we organize ourselves? Does the working group structure still work?

·         What other questions should we be asking ourselves?

I certainly don't expect us to solve this issue in one meeting, but I'd like to start the creative process moving towards some shared expectations. Please send me any suggestions by April 13. I don't expect us to solve this issue in one meeting, but I'd like to start the creative process moving. Please send me any suggestions by April 13


We look forward to seeing you all virtually!  


Virtual Meeting on Software Component Transparency

Wednesday, April 15

12:30 pm-4:30 pm ET

Connection information to be shared shortly


As always, don't hesitate to reach out with any questions,






This email was sent to those who have expressed interest in NTIA’s cybersecurity multistakeholder activities.

More information about the current initiative is available at: https://www.ntia.doc.gov/SoftwareTransparency

To subscribe or unsubscribe, please contact afriedman@ntia.gov.




Attachment: sct_msh_agenda_04_15_20.pdf
Description: sct_msh_agenda_04_15_20.pdf

--- End Message ---