[Federal Register Volume 85, Number 239 (Friday, December 11, 2020)]
[Notices]
[Pages 80055-80056]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2020-27323]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Telecommunications and Information Administration


Multistakeholder Process on Promoting Software Component 
Transparency

AGENCY: National Telecommunications and Information Administration, 
Department of Commerce.

ACTION: Notice of open meeting.

-----------------------------------------------------------------------

SUMMARY: The National Telecommunications and Information Administration 
(NTIA) will convene a virtual meeting of a multistakeholder process on 
promoting software component transparency on January 13, 2021.

DATES: The meeting will be held on January 13, 2021, from 12:00 p.m. to 
4:00 p.m., Eastern Time.

ADDRESSES: The meeting will be held virtually, with online slide share 
and dial-in information to be posted at https://www.ntia.gov/SoftwareTransparency.

FOR FURTHER INFORMATION CONTACT: Allan Friedman, National 
Telecommunications and Information Administration, U.S. Department of 
Commerce, 1401 Constitution Avenue NW, Room 4725, Washington, DC 20230; 
telephone: (202) 482-4281; email: [email protected]. Please direct 
media inquiries to NTIA's Office of Public Affairs: (202) 482-7002; 
email: [email protected].

SUPPLEMENTARY INFORMATION:

Background

    This NTIA cybersecurity multistakeholder process focuses on 
promoting software component transparency.\1\ Most modern software is 
not written completely from scratch, but includes existing components, 
modules, and libraries from the open source and commercial software 
world. Modern development practices such as code reuse, and a dynamic 
IT marketplace with acquisitions and mergers, make it challenging to 
track the use of software components. The Internet of Things compounds 
this phenomenon, as new organizations, enterprises, and innovators take 
on the role of software developer to add ``smart'' features or 
connectivity to their products. While the majority of libraries and 
components do not have known vulnerabilities, many do, and the sheer 
quantity of software means that some software products ship with 
vulnerable or out-of-date components.
---------------------------------------------------------------------------

    \1\ NTIA serves as the President's principal adviser on 
telecommunications and information policies. See 47 U.S.C. 
902(b)(2)(D).
---------------------------------------------------------------------------

    The first meeting of this multistakeholder process was held on July 
19, 2018, in Washington, DC.\2\ Stakeholders presented multiple 
perspectives, and identified several inter-related work streams: 
Understanding the Problem, Use Cases and State of Practice, Standards 
and Formats, and Healthcare Proof of Concept. Since then, stakeholders 
have been discussing key issues and developing products such as 
guidance documents. NTIA acts as the convener, but stakeholders drive 
the outcomes. Success of the process will be evaluated by the extent to 
which broader findings on software component transparency are 
implemented across the ecosystem.
---------------------------------------------------------------------------

    \2\ Notes, presentations, and a video recording of the July 19, 
2018 kickoff meeting are available at: https://www.ntia.gov/SoftwareTransparency.
---------------------------------------------------------------------------

    The first set of stakeholder-drafted documents on Software Bills of 
Materials was published by NTIA in November 2019. Those documents, and 
subsequent consensus-approved drafts from the community, are available 
at: https://www.ntia.gov/SBOM. The main objectives of the January 13, 
2021 meeting are to share progress from the working groups; to give 
feedback on the ongoing work around technical challenges, tooling, 
demonstrations, and awareness and adoption; and to continue discussions 
around potential guidance or playbook documents. This meeting will also 
feature short demonstrations of SBOM-related tools and services to help 
the community understand the growth of the broader ecosystem. 
Demonstration suggestions and proposals should be 250 words or less and 
should be submitted to Allan Friedman at [email protected] by December 
21, 2020. More information about stakeholders' work is available at: 
https://www.ntia.gov/SoftwareTransparency.
    Time and Date: NTIA will convene the next meeting of the 
multistakeholder process on Software Component Transparency on January 
13, 2021, from 12:00 p.m. to 4:00 p.m. Eastern Time. The exact time of 
the meeting is subject to change. Please refer to NTIA's website, 
https://www.ntia.gov/SoftwareTransparency, for the most current 
information.
    Place: The meeting will be held virtually, with online slide share 
and dial-in information to be posted at https://www.ntia.gov/SoftwareTransparency. Please refer to NTIA's website, https://www.ntia.gov/SoftwareTransparency, for the most current information.
    Other Information: The meeting is open to the public and the press 
on a first-come, first-served basis.
    The virtual meeting is accessible to people with disabilities. 
Requests for real-time captioning or other auxiliary aids should be 
directed to Allan Friedman at (202) 482-4281 or [email protected] at 
least seven (7) business days prior to the meeting. Access details for 
the meeting are subject to change. Please refer to NTIA's website, 
https://www.ntia.gov/SoftwareTransparency, for the most current 
information.


[[Page 80056]]


    Dated: December 8, 2020.
Kathy D. Smith,
Chief Counsel, National Telecommunications and Information 
Administration.
[FR Doc. 2020-27323 Filed 12-10-20; 8:45 am]
BILLING CODE 3510-60-P