Technology trade groups are aligning against a proposal in the House-passed defense policy bill that would require software vendors to attest to the government that their products are free of known defects and to include a bill of materials describing their code.
The groups – the Alliance for Digital Innovation, BSA Software Alliance, the Cybersecurity Coalition and the Information Technology Industry Association – say that the legislation leapfrogs ongoing administrative efforts to establish software bills of materials (SBOMs) as part of the federal acquisition process. Those efforts, the groups say, are still in their developing stages and there isn’t a consistent approach to SBOMs – essentially ingredient lists that tell what proprietary and open source components are included in a software application.