2020-05666. Multistakeholder Process on Promoting Software Component Transparency  

  • Start Preamble

    AGENCY:

    National Telecommunications and Information Administration, U.S. Department of Commerce.

    ACTION:

    Notice of open meeting.

    SUMMARY:

    The National Telecommunications and Information Administration (NTIA) will convene a virtual meeting of a multistakeholder process on promoting software component transparency on April 15, 2020.

    DATES:

    The meeting will be held on April 15, 2020, from 10:00 a.m. to 4:00 p.m., Eastern Time.

    ADDRESSES:

    The meeting will be held virtually, with online slide share and dial-in information to be posted at https://www.ntia.doc.gov/​SoftwareTransparency.

    Start Further Info

    FOR FURTHER INFORMATION CONTACT:

    Allan Friedman, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW, Room 4725, Washington, DC 20230; telephone: (202) 482-4281; email: afriedman@ntia.doc.gov. Please direct media inquiries to NTIA's Office of Public Affairs: (202) 482-7002; email: press@ntia.doc.gov.

    End Further Info End Preamble Start Supplemental Information

    SUPPLEMENTARY INFORMATION:

    Start Printed Page 15436

    Background

    This National Telecommunications and Information Administration cybersecurity multistakeholder process focuses on promoting software component transparency. Most modern software is not written completely from scratch, but includes existing components, modules, and libraries from the open source and commercial software world. Modern development practices such as code reuse, and a dynamic IT marketplace with acquisitions and mergers, make it challenging to track the use of software components. The Internet of Things compounds this phenomenon, as new organizations, enterprises, and innovators take on the role of software developer to add “smart” features or connectivity to their products. While the majority of libraries and components do not have known vulnerabilities, many do, and the sheer quantity of software means that some software products ship with vulnerable or out-of-date components.

    The first meeting of this multistakeholder process was held on July 19, 2018, in Washington, DC.[1] Stakeholders presented multiple perspectives, and identified several inter-related work streams: Understanding the Problem, Use Cases and State of Practice, Standards and Formats, and Healthcare Proof of Concept. Since then, stakeholders have been discussing key issues and developing products such as guidance documents. NTIA acts as the convener, but stakeholders drive the outcomes. Success of the process will be evaluated by the extent to which broader findings on software component transparency are implemented across the ecosystem.

    The first set of stakeholder-drafted documents on Software Bills of Materials was published by NTIA in November 2019. Those documents, and subsequent consensus-approved drafts from the community are published at: https://www.ntia.doc.gov/​SBOM. The main objectives of the April 15, 2020, meeting are to share progress from the working groups; to give feedback on the ongoing work around technical challenges, tooling, demonstrations, and awareness and adoption; and to begin discussions around potential guidance or playbook documents. More information about stakeholders' work is available at: https://www.ntia.doc.gov/​SoftwareTransparency.

    Time and Date: NTIA will convene the next meeting of the multistakeholder process on Software Component Transparency on April 15, 2020, from 10:00 a.m. to 4:00 p.m. Eastern Time. The exact time of the meeting is subject to change. Please refer to NTIA's website, https://www.ntia.doc.gov/​SoftwareTransparency,, for the most current information.

    Place: The meeting will be held virtually, with online slide share and dial-in information to be posted at https://www.ntia.doc.gov/​SoftwareTransparency. Please refer to NTIA's website, https://www.ntia.doc.gov/​SoftwareTransparency, for the most current information.

    Other Information: The meeting is open to the public and the press on a first-come, first-served basis.

    The virtual meeting is accessible to people with disabilities. Requests for real-time captioning or other auxiliary aids should be directed to Allan Friedman at (202) 482-4281 or afriedman@ntia.doc.gov at least seven (7) business days prior to the meeting. Access details for the meeting are subject to change. Please refer to NTIA's website, https://www.ntia.doc.gov/​SoftwareTransparency, for the most current information.

    Start Signature

    Dated: March 13, 2020.

    Kathy D. Smith,

    Chief Counsel, National Telecommunications and Information Administration.

    End Signature End Supplemental Information

    Footnotes

    1.  Notes, presentations, and a video recording of the July 19, 2018, kickoff meeting are available at: https://www.ntia.doc.gov/​SoftwareTransparency.

    Back to Citation

    [FR Doc. 2020-05666 Filed 3-17-20; 8:45 am]

    BILLING CODE 3510-60-P

Document Information

Published:
03/18/2020
Department:
National Telecommunications and Information Administration
Entry Type:
Notice
Action:
Notice of open meeting.
Document Number:
2020-05666
Dates:
The meeting will be held on April 15, 2020, from 10:00 a.m. to 4:00 p.m., Eastern Time.
Pages:
15435-15436 (2 pages)
PDF File:
2020-05666.pdf