Cisco is proud to announce the general availability of an entirely new capability in the software industry and a first for Cisco: the distribution of SPDX-formatted Software Bill of Materials (SBOMs). SBOMs are a crucial step forward in providing visibility and, ultimately, greater resilience across the entire software supply chain. As of June 2023, most customers and partners can request an SBOM for any supported on-premise Cisco software released after September 2021.

I have blogged about Cisco’s commitment to transparency, specifically our support for SBOMs and our desire to collaborate across the software community to build the next generation of transparency. Today, Cisco stands ready to distribute SBOMs. This comes before other large technology vendors, ahead of the forthcoming government mandates, to customers outside of the public sector, and in a standardized, machine-readable format. Considering the shared complexities across the software industry, this is an important moment to recognize in our march toward software transparency that reduces risk.

The idea of an SBOM is deceptively simple: a machine-readable data format for organizing metadata describing the composition of software artifacts. SBOMs document the third-party software components contained in a downloadable software image. Cisco customers can download and use software in many ways, including client applications that run on end-user devices (e.g., Cisco Secure Client with AnyConnect), hardware-based appliances with applications running on Cisco-maintained operating systems (e.g., Identity Services Engine), virtualized applications that run in customers’ data centers or public cloud environments (e.g., Intersight), and network operating systems that power Cisco routers, switches, and firewalls (e.g., IOS XE, IOS XR, Nexus OS, FTD). The pervasiveness and scale of software across networks, combined with decades of software evolution, highlights the incredible complexity that SBOMs are attempting to overcome.

The novelty of SBOMs is in standardizing how dependency metadata is documented; Cisco can make software dependency information that was previously used only internally useful to customers and organizations beyond Cisco. Sharing SBOMs across organizational boundaries provides customers with visibility into a software vendor’s upstream dependencies. Distributing SBOMs to our customers and partners underscores Cisco’s commitment to software transparency that both improves software supply chain resiliency and reduces cascading risk.

I often describe the software supply chain graph to illustrate the complexities that make documenting SBOMs an intricate problem shared across the software industry. Several factors have contributed to Cisco’s ability to deliver on this commitment, which we believe will help your organization to adopt SBOMs:

Strong Foundation: For more than a decade, an internal ecosystem of tools and processes has managed Cisco’s third-party software At Cisco SBOM requirements are part of the Cisco Secure Development Lifecycle policy. Start by defining your internal policies for third party software risk management and compliance.

Standardized Approach: Cisco supports the development of SBOM-related standards, including SPDX, CSAF, and OmniBOR. We have improved internal tools supporting these external standards and have set internal standards to ensure quality and consistency in the SBOMs we distribute. Start by defining the process you will use across your organization; at Cisco we refer to this as the SBOM workflow.

Centralized Services: New investments across Cisco have enabled the centralized development of capabilities that any engineering team can use to reduce duplication of SBOM tools and services and to accelerate SBOM adoption. Start by identifying the distinct types of software your organization distributes and creating requirements for centralized services to support all your software distribution types.

Unified Commitment: A collaborative rollout of SBOMs across multiple engineering organizations at Cisco underscores our focus to meet our customers’ needs. Start by gaining support from organizational leaders; at Cisco we regularly communicate updates to engineering and security leaders.

While this is a significant step forward, the industry is early in this SBOM journey, and at Cisco we continue to identify areas to improve. To accelerate adoption, SBOMs must be natural byproducts of the software build process. Software build environments are the manufacturing lines for products. Breaking the build process by instrumenting new tools or updating libraries can have significant economic repercussions. It will take time for SBOM tooling to become stable, scalable, and available across programming languages, version control systems, compilers and linkers, CI/CD and pipeline automation tools, and packaging ecosystems. General availability of these tools is necessary to minimize human intervention as we aim to improve the accuracy and completeness of SBOMs.

Additional work in standardizing the distribution, consumption, and analysis of SBOMs alongside other datasets is also necessary. We welcome your comments and encourage you to consider the following two questions:

How are you adopting SBOMs in your organization?

What is your biggest priority as SBOMs continue to gain traction?

Learn more about SBOMs at Cisco.