Industry Coalition Urges Congress to Hold off on SBOM Requirements for Defense Contractors

A coalition of cybersecurity industry associations has published an open letter urging the US Congress to delay Software Bill of Materials requirements for defense contractors.

The letter relates to section 4543 of the National Defense Authorization Act for Fiscal Year 2023, which requires the US Department of Defense to establish requirements for a software bill of materials (SBOM) for contractors.

An SBOM is a list of all the open source and third-party components and the ingredients that make up those components. It is seen as an essential aspect of software and supply chain risk management because it gives security teams more visibility into third-party risks in their software supply chain.

SBOMs have become an increasing focus for the federal government recently, with President Joe Biden’s executive order ‘Improving the Nation’s Cybersecurity’ in May 2021 including new requirements for software vendors to provide this list as part of their federal procurement process. In addition, in November 2022, the Cybersecurity and Infrastructure Security Agency (CISA) included the use of SBOMs as part of its advisory on securing the software supply…
