In recent years, “supply chain security risks“, in which products, systems, and services are subject to security breaches through the supply chain related to their procurement, maintenance, and operation, have become more apparent, and interest in and needs to address such risks are increasing. In response, countries around the world are increasingly discussing the creation and provision of “visualization data” on software configurations based on the SBOM format, a standard data format for listing software components.
Since the creation and provision of this visualization data entails a cost burden for suppliers of products, etc., it is essential to effectively utilize the visualization data at a level commensurate with such costs. In addition, effective utilization encourages the creation and provision of visualization data, leading to a virtuous cycle that leads to a further expansion of utilization scenarios.
Therefore, in this consortium, various businesses that form the supply chain (product vendors, system integrators, security vendors, and businesses that use and operate products, systems, and services, etc.) will cooperate to engage in “co-creation of knowledge” that will contribute to the promotion of the use of visualization data. We aim to promote the creation and provision of visualization data, and to further expand the use of visualization data by sharing the knowledge and know-how possessed by each business entity.
Message from the President
President, Security Transparency Consortium
Institute of information security President
Products and services provided by companies and organizations around the world are supported by diverse supply chains, from the planning and design stages to the construction and operation stages. There is a risk that not only the company or organization itself may be directly compromised, but also the security of its business environment and products of the players in the supply chain may be compromised, which is called “supply chain security risk”. Governments, companies, and organizations are highly concerned about supply chain security risk, and many initiatives are underway to address this issue.
One effective means of addressing supply chain security risks is to ensure security transparency by using data that visualizes the contents of products and systems (e.g., software configuration). On the other hand, the creation and provision of visualized data entails a cost burden for suppliers of products, etc. Therefore, effective use of visualized data at a level commensurate with such costs is essential.
The Security Transparency Consortium aims at “co-creation of knowledge” that contributes to the promotion of the use of visualized data through the cooperation of various businesses that form the supply chain. The Consortium will also promote community activities and collaboration with government agencies and other organizations that contribute to these efforts.
- Visualized Data Utilization Working Group 4th and 5th meetingsThe 4th and 5th meetings of the Visualization Data Utilization Working Group were held on January 25th and February 15th. There was a heated discussion about the issues that arise when introducing visualized data.
- Menu improvementsImproved the footer menu of the homepage. I think it’s easier to use. Although “Notice” has been removed from the footer menu, there is a button below “New Information” on the home screen that allows you to jump to “Notice”.
- Happy New YearThe year 2024 has arrived. We are looking forward to companies that support the activities and purpose of this consortium and are interested in participating.
- Visualization Data Utilization Working Group 3rd meetings12/21 The 3rd meeting of the Visualized Data Utilization Working Group was held. There was a heated discussion about issues and future challenges for both those who use and provide visualized data. All new members actively participated in the discussions based on the discussions of the working group so far.
- Visualization Data Utilization Working Group 1st and 2nd meetingsFollowing the first meeting of the Working Group for Utilization of Visualized Data on November 21, the second meeting was held on December 5.A heated discussion was held on issues and future challenges for both the users and providers of visualization data.