U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Information Technology Laboratory

Executive Order 14028, Improving the Nation's Cybersecurity

Enhancing Software Supply Chain Security: Responses to Call for Position Papers on Standards and Guidelines

Share

Comments Received in Response To:
Enhancing Software Supply Chain Security: Workshop and Call for Position Papers on Standards and Guidelines

[Click on company name to view position paper]

Organization

Submitted by:

ABB

Jim Lemanowicz

Accenture Labs

Lisa O'Connor

AdaCore

Romain Berrendonner

Aesec Corporation

Ed Reed

All.net (1)

Fred Cohen

All.net (2)

Fred Cohen

All.net (3)

Fred Cohen

All.net (4)

Fred Cohen

ANAB

Reinaldo Figueiredo

Apache TeaClave

Yu Ding

ATIS 5G Supply Chain Working Group

Tom Anderson

AWS

Mark Ryland

BBN Technologies

Partha Pal

BeyondTrust (1)

Erin Scanlan

BeyondTrust (2)

Erin Scanlan

Blackberry

Takashi Suzuki

Broadcom and Symantec (1)

Sunjeet Randhawa

Broadcom and Symantec (2)

Sunjeet Randhawa

Broadcom and Symantec (3)

Sunjeet Randhawa

Broadcom and Symantec (4)

Sunjeet Randhawa

BSA | The Software Alliance

Henry Young
Censinet (1) Peter Pavlovich

Censinet (2)

Paul Russell

CERT/CC

Art Manion

CERT/CC

Art Manion

Cisco

Jeff Schutt

CISQ

Dr. Bill Curtis

Consumer Technology Association (CTA)

Megan Brown

Containn Inc.

Lisa Azevedo

Contrast Security (1)

Jeff Williams

Contrast Security (2)

Jeff Williams

Contrast Security (3)

Jeff Williams

Contrast Security (4)

Jeff Williams

Contrast Security (5)

Jeff Williams

Copado

Daniel Riedel

Correct Computation

Michael Hicks

Cybersecurity Coalition (1)

Ross Nodurft

Cybersecurity Coalition (2)

Ross Nodurft

DHMSM

John Keane

Dustin Hoffman

Dustin Hoffman

Eclypsium

John Loucaides

Enterprise Cloud Coalition

Andrew Howell

Ericsson (1)

Jason Boswell

Ericsson (2)

Jason Boswell

Ericsson (3)

Jason Boswell

Extrahop Networks (1)

Ted Driggs

Extrahop Networks (2)

Edward Wu

FDA

Kevin Fu

Finite State

Eric Greenwald

Firedome

Sharon Mirsky

GitLab (1)

Julia Lake

GitLab (2)

Julia Lake

GitLab (3)

Julia Lake

GitLab (4)

Julia Lake

Google (1)

Eric Brewer

Google (2)

Eric Brewer

Google (3)

Eric Brewer

Google (4)

Eric Brewer

GrammaTech, Inc. (1)

Alexey Loginov

GrammaTech, Inc. (2)

Eric Schulte

GrammaTech, Inc. (3)

Paul Anderson

Green Hills Software

Robert O'Dowd

IBM

Sean Quinn

IBM & Kryptowire

Chris Gogoel

Idaho National Lab

Virginia Wright

in-toto team

Santiago Torres-Arias

Intel

Marcela Melara

Interos

Stuart Phillips

Ion Channel (1)

John Scott

Ion Channel (2)

John Scott

ISA (ISAGCA)

Andre Ristaino

Israel National Cyber Directorate (CyberIsrael)

Yosi Aviram

ISTARI

Joe Hubback

ITI

Alexa Lee

John Overbaugh

John Overbaugh

JPMC

Rao Lakkakula

Kantara Work Group

Tom Jones

Mastercard

Simon Hunt

McAfee

Kent Landfield 

Micro Focus (1)

David Wray

Micro Focus (2)

Chris Miyata

Micro Focus (3)

Alexander Hoole

Microsoft (1)

Janet Jones

Microsoft (2)

Janet Jones

Microsoft (3)

Janet Jones

Microsoft (4)

Janet Jones

Microsoft (5)

Janet Jones

MongoDB

Michael Hanchak

National Science Foundation

Sandip Roy

NIST (Systems Engineering Group, EL)

Allison Barnard Feeney

NowSecure (1)

Jeff Miller

NowSecure (2)

Jeff Miller

NowSecure (3)

Jeff Miller

NowSecure (4)

Jeff Miller

NowSecure (5)

Jeff Miller

Onapsis

Brian Gallagher

OWASP

Andrew van der Stock

Palo Alto Networks

Coleman Mehta

PNNL (1)

Jessica Smith

PNNL (2)

Jessica Smith
Princeton University and Stevens Institute of Technology Lennart Beringer
David Naumann

RapidFord

Russ

Raytheon BBN Technologies

Matthew Gillen

Raytheon Technologies

Sam Salinas

Red Hat

Mark Bohannon

ReversingLabs

Mario Vuksan

Rockwell Automation

Shoshana Wodzisz

RunSafe

Dave Salwen

SAE International: Cyber Physical Systems Security Committee

Judith Ritchie

SAFECode

Steve Lipner

Sailpoint

Michael Borden

Sandia National Laboratories (1)

Philip Johnson-Freyd

Sandia National Laboratories (2)

Vincent Urias

Sandia National Laboratories (3)

Vincent Urias

Saviynt

Andrew Whelchel

SBOM Special Interest Group

Dick Brooks

Schneider Electric

Trevor Rudolph

Secure Code Warrior (1)

Matias Madou

Secure Code Warrior (2)

Matias Madou

Security Compass

Altaz Valani

SecurityScorecard

Sachin Bansal

sFractal Consulting

Duncan Sparrell

Sonatype (1)

Stephen Magill

Sonatype (2)

Elissa Walters

Splunk Inc.

Shannon Davis

Synopsys (1)

Tim Mackey

Synopsys (2)

Tim Mackey

Synopsys (3)

Tim Mackey

Synopsys (4)

Tim Mackey

Synopsys (5)

Tim Mackey

Telecommunications Industry Association (TIA)

Melissa Newman

The Linux Foundation (1)

David Wheeler

The Linux Foundation (2)

David Wheeler

The Linux Foundation (3)

David Wheeler

The Linux Foundation (4)

David Wheeler

The Linux Foundation (5)

David Wheeler

The Open Source Initiative (OSI)

Simon Phipps

UL

Gonda Lamberink

Uleska

Gary Robinson

University of Connecticut

John Chandy

University of Wisconsin - Madison (1)

Barton Miller
Elisa Heymann

University of Wisconsin - Madison (2)

Barton Miller
Elisa Heymann

Venafi & Veracode

Eddie Glenn

Veracode

Chris Wysopal

Vigilant Ops

Ken Zalevsky
Virginia Polytechnic University and Old Dominion University Abdul Rahman
Sachin Shetty

Washington State University

Sandip Roy

workday

Chandler Morse

 

Information technology and Cybersecurity
Created June 6, 2021, Updated March 20, 2023