
Allan is @allanfriedman on bsky & infosec.exchange
@allanfriedman
Followers: 7K · Following: 21K · Media: 2K · Statuses: 15K
#SBOM Champion. Full service technocrat. Now at @CISAgov, formerly NTIA. Lapsed{engineer, academic, author}. Personal Account.
Joined June 2009
In past 15 yrs, I've seen lots of tech folks work on policy, & policy ppl tackle tech. Best predictor of interdisciplinary success: humility.
In case you missed my news elsewhere: This will be my last week at CISA. I’m sad to be leaving a great team, but very excited for some new projects. And don’t worry—I’ll be finding ways to help out with #SBOM!
meritalk.com
Allan Friedman, who has led the Cybersecurity and Infrastructure Security Agency’s (CISA) efforts to promote the use of software bills of material (SBOM) globally as a key component of advancing...
Setting up for our first ever SBOM Solutions Showcase! This Denver ballroom will be filled with 24 organizations from around the world to meet your #sbom needs, with many more listed online.
RT @MohammadAliEN: Did you know @Docker has an integration for SBOM generation? `$ docker sbom gitweekly/git-weekly` On Docker Engine you c…
github.com
Plugin for Docker CLI to support SBOM creation using Syft - docker/sbom-cli-plugin
RT @vpetersson: Just released an exciting episode of "Nerding Out with Viktor" featuring @allanfriedman from @CISAgov! We dive into Softwar…
RT @ericgeller: DHS says CISA’s test of AI vulnerability detection methods (required by Biden’s AI EO) determined that “the best use of AI…
RT @P_Ensarguet: If you are curious about what #SBOM, #SLSA and #Scorecard are, and how they inter-relate to strengthen #software #security…
blog.thestateofme.com
What? Let’s get the terminology cleared up. This post is about: Software Bill of Materials (SBOM) – the idea that you write down what’s inside the software you’re shipping (…
RT @tai6dur: Now that a patch is available, affected grid operators must do the hard work to identify the affected RTUs running vulnerable…
Solid write up of what a maturing organization should think through for SBOM processes, from whichever vendor or tools you choose.
🔍 Just as the food industry ensures ingredient safety, the #software industry now requires the same level of oversight and transparency. Dive into our latest blog to learn more about validating, implementing, integrating, and monitoring SBOMs. #SBOM #SCA
RT @CISAgov: The updated Software Bill of Materials (SBOM) Frequently Asked Questions (FAQ) provides information on the benefits of SBOM, c…
Living the “champagne lounge, steerage seats” lifestyle. Looking forward to a great week in Seoul, talking about supply chain security, OSS, and—of course—#SBOM
Some good points on the economics there. Not sure I agree with the conclusion, but more people (esp in positions like mine and my agency's) should grapple with this essay.
While it may not be a popular perspective, this author is absolutely right about the reality of a career in cybersecurity- information security. Spot on.
Hope you can join us in Denver or online! (and I'm pretty excited about the new graphic).
🗓️Mark your calendars! We're hosting SBOM-a-Rama Sept. 11-12 with presentations from across the software community and our new SBOM-Solutions Showcase, where you can connect with top tool makers and vendors. Learn more:
Seems like a good time to remember a fun @CISACyber blog post from last year:
cisa.gov
Like any software system, AI must be Secure by Design. Manufacturers of AI systems must prioritize security throughout the whole lifecycle of the product.
This behavior is a common pattern we see in AI tooling: an immature codebase with simple vulnerabilities, no common security mechanism out-of-the-box. Infrastructure security is one of the most challenging aspects of AI security.
RT @arekfurt: But of course that's not at all how Microsoft and many others do use them today. Today, security defaults are still too ofte…