Should companies provide full transparency about their entire technology ecosystem? Would it help make systems and networks more secure?
A top cybersecurity official at the Commerce Department believes so.
The Washington Post reports:
Allan Friedman, who leads cybersecurity initiatives at the agency's National Telecommunications and Information Administration, thinks companies could make the entire technology ecosystem dramatically more secure just by publishing a record of all the software that goes into their products.
In other words, he wants every piece of technology in the United States to have a public “ingredients list.”
And just like ingredient lists at the grocery store help consumers make smarter decisions about what they eat, the equivalent in software will help companies make smarter decisions about what they buy and how they protect it.
“This is about making it easier and cheaper for anyone across the ecosystem to be aware about what they’re using,” Friedman said.
The problem is there’s not much incentive for any individual company to start publishing these ingredient lists—which NTIA calls a “software bill of materials.” The benefit only comes when a lot of companies are publishing the lists and the entire software ecosystem is more transparent.