ColaSec

Columbia's Information Security Group

A free and informal gathering of information security professionals and enthusiasts in Columbia, South Carolina, at the Richland County Public Library on the 3rd Tuesday of every month at 6:00 PM (click on the YouTube bubble).

Founded 2014 (COVID can’t stop us)

Image credit: Zach Pippin
zachpippin.com

Upcoming Presentation: Executive Order 14028, SSDF, SBOMs, Oh My! The security road to the mythical Emerald City

When: Tuesday, November 21st at 6:30pm

Where: USC Technology Incubator and streaming online

Who: Dr. Jessica Butel

Synopsis: In May 2021, the United States government issued Executive Order (EO) 14028 for “Improving the Nation’s Cybersecurity.” Several of the included initiatives are progressing but still face significant challenges that must be addressed prior to being mandated. On November 16, 2023, CISA released an updated draft Secure Software Development Attestation Common Form and opened the 30-day request for comment period. This attestation has grown from EO 14028 and lists the requirement for software producers to maintain Software Bills of Materials (SBOMs) for their code. Will this approach and these required artifacts really help to improve the nation’s cybersecurity? Or will meaningful improvements fall by the wayside as organizations settle for checking the cybersecurity boxes in their rush to meet fast-approaching deadlines? Time may be the only way to tell as we work to navigate the “security road” towards “Emerald City,” side-stepping attestation forms, SBOM formats, and federal guidance while trying to get to a better security landscape for all. Let’s break down these components, see how these pieces fit together, and make predictions for the future.