CISA published a new White Paper on software identification ecosystems to help facilitate better vulnerability management and broader, more effective use of software bills of materials (SBOMs). It’s requesting public comment through Dec 11. Chris Hughes with Endor Labs says it represents an ambitious goal to harmonize software identification and naming, but the requirements are complex to meet. He talks with Alan Shimel about how organizations can gain value from the paper, the top issues in vulnerability management, especially as it relates to OSS, and how to gain value from SBOMs.