I want to update you on current status for our 3-T SBOM joint venture.
Full group meeting:
Let me know if questions.
--- Begin Message ---
- To: "Doscher, Megan" <MDoscher@ntia.gov>
- Subject: Details for April 15 SBOM meeting
- From: "Friedman, Allan" <AFriedman@ntia.gov>
- Date: Thu, 9 Apr 2020 14:54:35 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ntia.gov; dmarc=pass action=none header.from=ntia.gov; dkim=pass header.d=ntia.gov; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=etJxEW+ZVz6558PhTV+YsRbGwaXdqqUSuw6jQEOpWvc=; b=CkIPj202jHLbtzaEdksB9F+0jft+aHVBF9+/X+3BkPZlrb/IRadc340uK+6R2g23PHsRKbmVVht4TlAcTch3lTZNXWzSSD6vKQdmDrnC70GAoDHm3kVyfk/bqApgmkgdiUlArGv//6VZODW2+1JdXEyktBvEl7Q/px58lAHcuJ/IKX6ib015yrc1AeHE63Mgi2X6UQL44M1eIUnU+6iJJ/e6k28ngoTZxpCUWQ5VoptVlxIX6VcXFkYH1h508m5/AOJ0ag5VhUFGAe1Dcv+8vlRoVc8i5o4AHbMXwKGLqK/2B9LniH3Zmshh45MZy5my3NyH/4GbyAh6GQUaehJ5jg==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hT/Rw5+BINpnI37juRae7LtCbn392qT/NEbq67HCk1pgZEVDfld6d7acj5/huFfRm7FfjOrQNSTCBpF5s45OrNFGeuplPwdukRXDpibXDjEfxzIbEX19R9bFwGlsyuSLJ9T4C5tR7wd1TzNHJ0BUZHMoLKTLJSY0LVpuKuak8mb7AZTaBGwIOHnOurK/OLRWnIqb+41Iii0zRQexTvq2BDnvCqHFMYy7NN3cOQMbo3uSc24gXedV3AV4QQPzKTwm9YqIFV+szon546Tx4JfyffTT06Zx201qE+F4BmRnVWvVcOhZLf+zoSl+FeFAk67Scz5J+cUGs8AwbDq2cwVyqQ==
- Authentication-results: spf=pass (sender IP is 188.8.131.52) smtp.mailfrom=ntia.gov; microsoft.com; dkim=pass (signature was verified) header.d=ntia.gov;microsoft.com; dmarc=pass action=none header.from=ntia.gov;compauth=pass reason=100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ntia.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=etJxEW+ZVz6558PhTV+YsRbGwaXdqqUSuw6jQEOpWvc=; b=JrbS85aoWmXeiqhEgYnc4EjmcNlPnhfxRSiGhCjsMlANIY/ITJ8F7dqWeCRBu0Uf7CptucMBG36fvSAq4eJXg4d7bNwyADEitV14Ag32IvsQppWIg1Z8nkYrVDeGnYiyGFXztByf9DGAH4MJshfO3WJslFVPEygdkF1C0bya61Q=
- Msip_labels: MSIP_Label_6b5758c1-6df0-4e8d-a4f7-f588283d5d0d_Enabled=True; MSIP_Label_6b5758c1-6df0-4e8d-a4f7-f588283d5d0d_SiteId=d6cff1bd-67dd-4ce8-945d-d07dc775672f; MSIP_Label_6b5758c1-6df0-4e8d-a4f7-f588283d5d0d_Owner=AFriedman@ntia.doc.gov; MSIP_Label_6b5758c1-6df0-4e8d-a4f7-f588283d5d0d_SetDate=2020-04-09T14:54:32.0976200Z; MSIP_Label_6b5758c1-6df0-4e8d-a4f7-f588283d5d0d_Name=General; MSIP_Label_6b5758c1-6df0-4e8d-a4f7-f588283d5d0d_Application=Microsoft Azure Information Protection; MSIP_Label_6b5758c1-6df0-4e8d-a4f7-f588283d5d0d_Extended_MSFT_Method=Automatic; Sensitivity=General
- Thread-index: AdYOffdnQHpTmBTcSrOIe8UaMPTVqg==
- Thread-topic: Details for April 15 SBOM meeting
We are looking forward to next week's virtual meeting. A tentative agenda is attached. The connectivity details are below; thanks to CERT/CC for sharing their Zoom resources for this meeting.
Virtual Multistakeholder Meeting
April 15, 2020 12:30pm ET - 4:30pm ET
Meeting ID: 262 075 339
One tap mobile dial-in: +16465189805,,262075339
International dial-in info: https://cmu.zoom.us/u/aN97icOr
At the bottom of this email is also a set of questions to prompt thinking about the next steps in this process. The objective isn't to declare the current work complete, but to keep our focus on the longer term goals and start that conversation. If you can take a moment, please respond to some or all of the questions.
As always, don't hesitate to reach out with any questions,
From: Friedman, Allan
Sent: Friday, April 3, 2020 11:56 AM
To: Remaley, Evelyn <ERemaley@ntia.gov>
Cc: PRESS <PRESS@ntia.gov>
Subject: April 15 virtual SBOM meeting - topics and planning
Thanks to all of you who have been so productive in the working groups, addressing the key hurdles standing in our way for greater software component transparency. We'll be checking in as a community on April 15 in a virtual meeting, from 12:30-4:30pm ET. We'll share and agenda logistical details shortly.
In the virtual meeting, we'll have a chance to hear updates from each of the four working groups on their progress, and expected outputs, as well as identify further issues to address.
We will also begin a preliminary discussion on the longer term, and how to combine the ongoing work into some more concrete guidance for the broader software community. What can we give the leader or organization who wants to start on the SBOM path? To support that conversation, I'm going to ask you to please share any initial ideas you have in advance, so we can have a more organized discussion:
· What would "guidance" or "best practices" or "playbooks" look like? What should we call them?
· How general or specific should this be?
· How should we balance the trade-off between being context-specific vs. the burden to produce too many specific sets of guidance?
· What would the guidance-drafting process look like? How should we organize ourselves? Does the working group structure still work?
· What other questions should we be asking ourselves?
I certainly don't expect us to solve this issue in one meeting, but I'd like to start the creative process moving towards some shared expectations. Please send me any suggestions by April 13. I don't expect us to solve this issue in one meeting, but I'd like to start the creative process moving. Please send me any suggestions by April 13.
We look forward to seeing you all virtually!
Virtual Meeting on Software Component Transparency
Wednesday, April 15
12:30 pm-4:30 pm ET
Connection information to be shared shortly
As always, don't hesitate to reach out with any questions,
This email was sent to those who have expressed interest in NTIA’s cybersecurity multistakeholder activities.
More information about the current initiative is available at: https://www.ntia.doc.gov/SoftwareTransparency
To subscribe or unsubscribe, please contact firstname.lastname@example.org.
--- End Message ---