@adulau@infosec.exchange2026-01-29 16:45:09
So the original #SBOM requirement for federal agencies in US was just removed.
"OMB Memorandum M-22-18, Enhancing the Security of the Software Supply Chain
through Secure Software Development Practices (M-22-18), imposed unproven and burdensome software accounting processes that prioritized compliance over genuine security investments.
This policy diverted agencies from developing tail…