Upcoming Presentation: Executive Order 14028, SSDF, SBOMs, Oh My! The security road to the mythical Emerald City
When: Tuesday, November 21st at 6:30pm
Where: USC Technology Incubator and streaming online
Who: Dr. Jessica Butel
Synopsis: In May 2021, the United States government issued Executive Order (EO) 14028 for “Improving the Nation's Cybersecurity.” Several of the included initiatives are progressing but still face significant challenges that must be addressed prior to being mandated. On November 16, 2023, CISA released an updated draft Secure Software Development Attestation Common Form and opened the 30-day request for comment period. This attestation has grown from EO 14028 and lists the requirement for software producers to maintain Software Bills of Materials (SBOMs) for their code. Will this approach and these required artifacts really help to improve the nation’s cybersecurity? Or will meaningful improvements fall by the wayside as organizations settle for checking the cybersecurity boxes in their rush to meet fast-approaching deadlines? Time may be the only way to tell as we work to navigate the “security road” towards “Emerald City,” side-stepping attestation forms, SBOM formats, and federal guidance while trying to get to a better security landscape for all. Let’s break down these components, see how these pieces fit together, and make predictions for the future.