In recent years, “supply chain security risks”, in which products, systems, and services are subject to security breaches through the supply chain related to their procurement, maintenance, and operation, have become more apparent, and both interest in such risks and the need to address them are increasing. In response, countries around the world are increasingly discussing the creation and provision of “visualization data” on software configurations based on the SBOM format, a standard data format for listing software components.
Since the creation and provision of this visualization data entails a cost burden for suppliers of products, etc., it is essential to effectively utilize the visualization data at a level commensurate with such costs. In addition, effective utilization encourages the creation and provision of visualization data, creating a virtuous cycle that further expands utilization scenarios.
Therefore, in this consortium, various businesses that form the supply chain (product vendors, system integrators, security vendors, and businesses that use and operate products, systems, and services, etc.) will cooperate to engage in “co-creation of knowledge” that will contribute to the promotion of the use of visualization data. We aim to promote the creation and provision of visualization data, and to further expand the use of visualization data by sharing the knowledge and know-how possessed by each business entity.
Increasing the transparency of equipment and systems developed through the supply chain and building a safe and secure system
Security Transparency Consortium
Message from the President
Atsuhiro Goto
President, Security Transparency Consortium
President, Institute of Information Security
Products and services provided by companies and organizations around the world are supported by diverse supply chains, from the planning and design stages to the construction and operation stages. There is a risk that not only may the company or organization itself be directly compromised, but the security of the business environment and products of the players in the supply chain may also be compromised; this is called “supply chain security risk”. Governments, companies, and organizations are highly concerned about supply chain security risk, and many initiatives are underway to address this issue.
One effective means of addressing supply chain security risks is to ensure security transparency by using data that visualizes the contents of products and systems (e.g., software configuration). On the other hand, the creation and provision of visualized data entails a cost burden for suppliers of products, etc. Therefore, effective use of visualized data at a level commensurate with such costs is essential.
The Security Transparency Consortium aims at “co-creation of knowledge” that contributes to the promotion of the use of visualized data through the cooperation of various businesses that form the supply chain. The Consortium will also promote community activities and collaboration with government agencies and other organizations that contribute to these efforts.
What's new
- On December 19th, 2024, 2nd General Meeting
  One year after the launch, the consortium's 2nd general meeting was held. President Goto was re-elected as the consortium's President. President Goto commented, "The consortium is doing very good work. Since they worked hard to create the SBOM, I can sense their determination to make full use of it." I think this made all the members feel that…
- English version of Knowledge Collection
  On December 9th, 2024, the Consortium released the English version of Knowledge Collection. The title of Knowledge Collection is "Visualization Data Utilization to Ensure Security Transparency -Vulnerability Management Edition-". It can be accessed from the "Send of info," menu. The link to the findings collection page is here.
- Visualized Data Utilization Working Group 21st meeting
  The 21st meeting of the Visualization Data Utilization Working Group was held on December 5th. Based on the opinions expressed at the 20th meeting, we narrowed down the types of discussions to be held. By bringing together the diversity of our many members, we are steadily making progress in preparing our next deliverables.
- Visualized Data Utilization Working Group 20th meeting
  The 20th meeting of the Visualization Data Utilization Working Group was held on November 18th. The number of members of the consortium has doubled since its inception, and each member has a theme to consider. The direction is to review and examine the framework of the working group in order to discuss various topics in the future. The…
- Visualized Data Utilization Working Group 18th and 19th meeting
  The 18th and 19th meetings of the Visualization Data Utilization Working Group were held on October 10th and October 30th. We have achieved one major goal by releasing our knowledge collection on October 21st. The 19th Working Group discussed what the Consortium would do after the publication of its findings and what the Consortium would…