A “Bill of Materials,” or software component inventory, is a controversial policy idea, but it helps both the software manufacturer and the enterprise customer understand vulnerability risks. Instead of regulation, the US Dept. of Commerce launched an open, voluntary, multistakeholder process to create a shared vision of this process to help small vendors, IoT manufacturers and risk managers.
Learning Objectives:
1: Gain awareness and deliver feedback on a brand-new government initiative on S-BOM.
2: Explore why collecting and processing component data is key to a secure dev model for IoT.
3: Understand how software component data will be part of the future of vulnerability management.