[Federal Register Volume 84, Number 152 (Wednesday, August 7, 2019)]
[Notices]
[Pages 38602-38603]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2019-16891]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Telecommunications and Information Administration


Multistakeholder Process on Promoting Software Component 
Transparency

AGENCY: National Telecommunications and Information Administration, 
U.S. Department of Commerce.

ACTION: Notice of open meeting.

-----------------------------------------------------------------------

SUMMARY: The National Telecommunications and Information Administration 
(NTIA) will convene a meeting of a multistakeholder process on 
promoting software component transparency on September 5, 2019.

DATES: The meeting will be held on September 5, 2019, from 10:00 a.m. 
to 4:00 p.m., Eastern Time.

ADDRESSES: The meeting will be held at the American Institute of 
Architects, 1735 New York Ave. NW, Washington, DC 20006.

FOR FURTHER INFORMATION CONTACT: Allan Friedman, National 
Telecommunications and Information Administration, U.S. Department of 
Commerce, 1401 Constitution Avenue NW, Room 4725, Washington, DC 20230; 
telephone: (202) 482-4281; email: [email protected]. Please direct 
media inquiries to NTIA's Office of Public Affairs: (202) 482-7002; 
email: [email protected].

SUPPLEMENTARY INFORMATION: 
    Background: This National Telecommunications and Information 
Administration cybersecurity multistakeholder process focuses on 
promoting software component transparency. Most modern software is not 
written completely from scratch, but includes existing components, 
modules, and libraries from the open source and commercial software 
world. Modern development practices such as code reuse, and a dynamic 
IT marketplace with acquisitions and mergers, make it challenging to 
track the use of software components. The Internet of Things compounds 
this phenomenon, as new organizations, enterprises, and innovators take 
on the role of software developer to add ``smart'' features or 
connectivity to their products. While the majority of libraries and 
components do not have known vulnerabilities, many do, and the sheer 
quantity of software means that some software products ship with 
vulnerable or out-of-date components.
    The first meeting of this multistakeholder process was held on July 
19, 2018, in Washington, DC.\1\ Stakeholders presented multiple 
perspectives, and identified several inter-related work streams: 
Understanding the Problem, Use Cases and State of Practice, Standards 
and Formats, and Healthcare Proof of Concept. Since then, stakeholders 
have been discussing key issues and developing products such as 
guidance documents. NTIA acts as the convener, but stakeholders drive 
the outcomes. Success of the process will be evaluated by the extent to 
which broader findings on software component transparency are 
implemented across the ecosystem.
---------------------------------------------------------------------------

    \1\ Notes, presentations, and a video recording of the July 19, 
2018, kickoff meeting are available at: https://www.ntia.doc.gov/SoftwareTransparency.
---------------------------------------------------------------------------

    The main objectives of the September 5, 2019, meeting are to review 
drafts provided by the working groups, discuss how they complement each 
other, and hear feedback from the broader stakeholder community. 
Stakeholders will also identify next steps in this effort, how progress 
can be made on extending the basic model, collecting tooling, and 
promoting awareness and adoption of stakeholder work. More information 
about stakeholders' work is available at: https://www.ntia.doc.gov/SoftwareTransparency.
    Time and Date: NTIA will convene the next meeting of the 
multistakeholder process on Software Component Transparency on 
September 5, 2019, from 10:00 a.m. to 4:00 p.m. Eastern Time. Please 
refer to NTIA's website, https://www.ntia.doc.gov/SoftwareTransparency, 
for the most current information.
    Place: The meeting will be held at the American Institute of 
Architects, 1735 New York Ave. NW, Washington, DC 20006. The location 
of the meeting is subject to change. Please refer to NTIA's website, 
https://www.ntia.doc.gov/SoftwareTransparency, for the most current 
information.
    Other Information: The meeting is open to the public and the press 
on a first-come, first-served basis. Space is limited.

[[Page 38603]]

    The meeting is physically accessible to people with disabilities. 
Requests for sign language interpretation or other auxiliary aids 
should be directed to Allan Friedman at (202) 482-4281 or 
[email protected] at least seven (7) business days prior to each 
meeting. The meetings will also be webcast. Requests for real-time 
captioning of the webcast or other auxiliary aids should be directed to 
Allan Friedman at (202) 482-4281 or [email protected] at least 
seven (7) business days prior to each meeting. There will be an 
opportunity for stakeholders viewing the webcast to participate 
remotely in the meetings through a moderated conference bridge, 
including polling functionality. Access details for the meetings are 
subject to change. Please refer to NTIA's website, https://www.ntia.doc.gov/SoftwareTransparency, for the most current 
information.

    Dated: August 2, 2019.
Kathy Smith,
Chief Counsel, National Telecommunications and Information 
Administration.
[FR Doc. 2019-16891 Filed 8-6-19; 8:45 am]
 BILLING CODE 3510-60-P