<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.xxxmsonormal, li.xxxmsonormal, div.xxxmsonormal
{mso-style-name:x_x_x_msonormal;
margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.xxxcontentpasted0
{mso-style-name:x_x_x_contentpasted0;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="xxxmsonormal" style="background:white"><span style="font-size:12.0pt;color:black">FYSA</span><span style="font-size:12.0pt"><o:p></o:p></span></p>
<p class="xxxmsonormal" style="background:white"><span style="font-size:12.0pt"><o:p> </o:p></span></p>
<p class="xxxmsonormal" style="background:white"><span class="xxxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">Today, CISA released the <a href="https://www.cisa.gov/resources-tools/resources/software-bill-materials-sbom-sharing-lifecycle-report" title="https://www.cisa.gov/resources-tools/resources/software-bill-materials-sbom-sharing-lifecycle-report">Software
Bill of Materials (SBOM) Sharing Lifecycle Report</a>. Co-sponsored with the U.S. Department of Energy (DOE) Cybersecurity, Energy Security, and Emergency Response (CESER), the report highlights the currently used solutions for sharing SBOMs and assists readers
in considering appropriate solutions depending on their needs concerning the discovery, access, and transport of SBOMs. </span></span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="xxxmsonormal" style="background:white"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
<p class="xxxmsonormal" style="background:white"><span class="xxxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">An SBOM is a key building block in software security and software supply chain risk management.
As SBOM adoption efforts mature, and SBOM sharing continues to occur, no single solution or set of solutions have become ubiquitous. The SBOM sharing lifecycle consists of the Discovery, Access, and Transport of an SBOM, and this report details these individual
phases and how an SBOM goes from author (the individual(s) who create an SBOM) to the consumer (the individual(s) who receive the SBOM, such as third parties, authors, integrators, and end users). </span></span><span style="font-size:12.0pt;color:black"><o:p></o:p></span></p>
<p class="xxxmsonormal" style="background:white"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
<p class="xxxmsonormal" style="background:white"><span class="xxxcontentpasted0"><span style="font-size:12.0pt;font-family:"Franklin Gothic Book",sans-serif;color:black">Interoperability between existing and future solutions should be a priority to avoid a
variety of SBOM sharing solutions being created that cannot cooperate in the larger supply chain. This report also highlights SBOM sharing survey results obtained from interviews with stakeholders to understand the current SBOM sharing landscape. </span></span><span class="xxxcontentpasted0"><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></span></p>
<p class="xxxmsonormal" style="background:white"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt;color:#0563C1">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image001.png@01D9713D.B5F69480"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="xxxmsonormal" style="background:white"><o:p> </o:p></p>
</div>
</body>
</html>