In a landmark move for the cybersecurity industry, Dr. Allan Friedman — often called the Father of SBOMs — has joined supply chain security firm NetRise as a strategic advisor. Friedman’s transition from his influential role at CISA marks a pivotal moment where public policy meets private innovation. His mission: to push the Software Bill of Materials (SBOM) initiative beyond regulatory mandates and into AI-powered operational reality.
At CISA, Friedman spearheaded the global conversation around SBOMs — the machine-readable inventories that give organizations visibility into what’s inside their software. Now, by joining forces with NetRise, a leader in AI-driven supply chain risk analysis, Friedman aims to transform SBOMs from compliance artifacts into living data streams that power intelligent threat detection and response.
This partnership comes at a crucial time. Although President Biden’s Executive Order 14028 mandates SBOMs for federal software procurement, the broader private sector has yet to fully operationalize them. Together, Friedman and NetRise plan to change that by marrying SBOM data with artificial intelligence to provide actionable, context-aware insight into software vulnerabilities.
Friedman argues that AI doesn’t replace SBOMs—it depends on them. “AI is only as good as the data it consumes,” he notes, “and the SBOM provides that data.” NetRise CEO Thomas Pace agrees, emphasizing that AI cannot yet solve the supply chain problem alone—it needs the visibility SBOMs deliver. Their collaboration promises to bridge that gap, turning static inventories into dynamic intelligence pipelines.
The implications reach far beyond one company. As defense and enterprise leaders like Kirsten Davies, the nominee for DoD CIO, advocate for integrating SBOM analysis with automated tools and continuous monitoring, this alliance sets the tone for the next evolution in cybersecurity: the fusion of policy-driven transparency and AI-driven risk management.
By bringing together the originator of SBOMs and a company built to operationalize them, this partnership signals the start of a new era for software assurance—one where visibility, automation, and intelligence converge to defend the global supply chain.
#SBOM #AllanFriedman #NetRise #SupplyChainSecurity #Cybersecurity #AI #SoftwareSecurity #ExecutiveOrder14028 #CISA #RiskManagement #VulnerabilityIntelligence #ThomasPace #DevSecOps #ZeroTrust #SoftwareSupplyChain #ArtificialIntelligence #FederalCybersecurity #Compliance #SecurityInnovation
