[SCITT] FW: [sw.assurance] AGENDA ATTACHED - Software and Supply Chain Assurance Forum Meeting- May 31/June 1, 2023

Dick Brooks <dick@reliableenergyanalytics.com> Wed, 24 May 2023 22:12 UTC

Reply-To: dick@reliableenergyanalytics.com
From: Dick Brooks <dick@reliableenergyanalytics.com>
To: 'SPDX Technical Mailing List' <Spdx-tech@lists.spdx.org>, scitt@ietf.org
Cc: 'Adrian Diglio' <Adrian.Diglio@microsoft.com>
References: <6f64828b-ec7a-403f-9ec5-74d23eac2c29n@list.nist.gov> <4296f392-8107-4a3c-bca3-70b1fd86d4c6n@list.nist.gov> <02af6e03-e50e-4d99-ba5a-bb596094b074n@list.nist.gov>
In-Reply-To: <02af6e03-e50e-4d99-ba5a-bb596094b074n@list.nist.gov>
Date: Wed, 24 May 2023 18:12:02 -0400
Organization: Reliable Energy Analytics LLC
Message-ID: <152201d98e8c$c538cd20$4faa6760$@reliableenergyanalytics.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/scitt/2KL6Rgd9UgD_mi6Y38g7rNtcREA>
Subject: [SCITT] FW: [sw.assurance] AGENDA ATTACHED - Software and Supply Chain Assurance Forum Meeting- May 31/June 1, 2023

FYI, this looks to be a very influential and knowledgeable gathering of experts by NIST and may result in real progress on SBOM adoption within the Federal Government for OMB M-22-18 and the National Cybersecurity Strategy implementation.

Encouraging step.

Glad to see Microsoft participating on SBOM.

Thanks,

Dick Brooks

  

Active Member of the CISA Critical Manufacturing Sector, 

Sector Coordinating Council – A Public-Private Partnership

 

Never trust software, always verify and report! ™ <https://reliableenergyanalytics.com/products>

http://www.reliableenergyanalytics.com

Email: dick@reliableenergyanalytics.com

Tel: +1 978-696-1788

 

 

From: 'Angela Smith' via sw.assurance <sw.assurance@list.nist.gov> 
Sent: Wednesday, May 24, 2023 4:52 PM
To: sw.assurance <sw.assurance@list.nist.gov>
Subject: [sw.assurance] AGENDA ATTACHED - Software and Supply Chain Assurance Forum Meeting- May 31/June 1, 2023

 

We have a great line-up of topics and speakers for this Forum meeting. Looking forward to seeing you there!

 

 Draft agenda, attached 

 

On Monday, May 8, 2023 at 5:02:13 PM UTC-4 Angela Smith wrote:

Please register here:   https://na.eventscloud.com/SSCAmeetings2023/

 

Agenda is still being finalized but planned topics include: 

 

- SBOM:  multiple presentations/talks from industry and government covering both the production and consumption of SBOMs and the SBOM lifecycle

- Draft Secure Software Self-Attestation Form

- Overview of the proposed EU Cyber Resilience Act 

- CMMC Update

- MITRE System of Trust Update

and more! 

  

 

---------- Forwarded message ---------

From: Angela Smith <angela.smith@nist.gov>
Date: Monday, May 1, 2023 at 1:50:58 PM UTC-4
Subject: SAVE THE DATE: Software and Supply Chain Assurance Forum Meeting- May 31/June 1, 2023
To: sw.assurance <sw.assurance@list.nist.gov>

 

We are excited to share news about our upcoming in-person Software & Supply Chain Assurance (SSCA) Forum meeting!

Tell your friends, please mark your calendars, and join us on Wednesday, May 31st and Thursday, June 1st at MITRE's McLean Campus. The SSCA operates under Chatham House rules, there is no cost to participate, and the event is open to the public.

We'll be sending out an update soon with a registration link and additional info about the agenda.

Also - we are always open to receiving suggestions for topics and do our best to find the right focus to discuss recommended topics. We hold these meetings for the community so don't be shy - we want to hear from you about what you want to know more about or want to discuss with our community. We typically keep a running list of recommendations and do our best to work them in at some point.

About the SSCA Meetings: Cyber risk has become a topic of core strategic concern for business and government leaders worldwide and is an essential component of an enterprise risk management strategy. The Software and Supply Chain Assurance (SSCA) Forum provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved.

The effort is currently co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), and the Department of Defense (DoD). Participants represent a diverse group of career professionals including government officials, chief information security officers, those in academia with cybersecurity and supply chain specialties, system administrators, engineers, consultants, vendors, software developers, managers, analysts, specialists in IT and cybersecurity, and many more fields.

Additional information about the SSCA Forum, including past meetings, can be found at http://csrc.nist.gov/scrm/ssca/

 

We hope you can join us!
