Adrian Diglio leads Microsoft’s centralized strategy to secure the software supply chain as a Principal PM in the 1ES organization. Adrian contributed to the 2020 & 2021 Microsoft Digital Defense Report (MDDR), is a key contributor to the upcoming SPDX 3.0 Software Bill of Materials (SBOM) schema, and is a panelist at many Secure Supply Chain Summits, such as U.S. Department of Energy (DOE) and North Carolina State University. Adrian has a BA from Cal Poly Pomona, and an MBA from San Diego State University (SDSU) and holds the following certifications: CISSP, Security+, A+, PMP, GCED, OSWP
A secure software supply chain represents another facet of Microsoft's built-in security to enhance and maintain trust in our products. It’s a continuation of the journey we embarked upon since the launch of Security Development Lifecycle (SDL) in 2004 and represents our commitment to continually enhance Microsoft’s foundational security.
We are excited and proud to open source our software bill of materials (SBOM) generation tool. A key requirement of the Executive Order on Improving the Nation's Cybersecurity, SBOMs are lists of ingredients that make up software components, providing software transparency so organizations have insight into their supply chain dependencies.
...
In this post, Adrian Diglio walks us through how Microsoft is planning to generate SBOMs not just to meet the U.S. Presidential Executive Order on Improving the Nation's Cybersecurity, but for all software that Microsoft produces.
Light
Dark