Welcoming Allan Friedman to Manifest

Daniel Bardenstein
November 14, 2025

Today I am thrilled to share that Allan Friedman is joining Manifest as a Strategic Advisor. Aside from being a good friend and former colleague of mine, Allan is known around the world as the ‘godfather of SBOMs,’ referring to the software bill of materials concept that he has been doggedly promoting for more than half a decade. He and I share a common outlook on the state of cybersecurity, the lack of transparency in technology, and the need to raise the bar on software suppliers to write more secure software. Without Allan’s work, Manifest would not be in the strong position it is now. 

Why Allan

The story that I’ve heard is that the modern incarnation of SBOMs came up in conversation with Allan, and fellow cybersecurity + policy experts Josh Corman and Alex Romero. But an idea without motion or adoption is just that, an idea. Starting with his diligent work at NTIA, where he stood up the first SBOM working group, Allan worked tirelessly to bring SBOMs to CISA, write SBOMs into major Executive Orders and US government policies, and align global regulators and lawmakers on the value and framing of SBOM policies.

Allan possesses an invaluable wealth of knowledge and experience around software supply chain security, and how both industry leaders and global policymakers understand and act on that topic. He also knows the pain points that many security practitioners have in actually adopting SBOMs and implementing SBOM programs. It’s not enough to just generate or store these machine-readable (i.e., not human-readable) bits of data. 

As Manifest continues to expand our customer base across different industries and engage with policymakers around the world, Allan’s experience will go far to push Manifest to new heights. 

How Our Paths Crossed

I first met Allan while researching medical device cybersecurity at the Aspen Institute. While I was learning about the gaps and pain points in healthcare security, Allan first introduced me to the concept of the SBOM, and explained why SBOMs matter for patient safety and critical systems. We collaborated and stayed in touch during my time at CISA, where we partnered on Secure by Design initiatives and he supported my work leading the Cross Sector Cybersecurity Performance Goals. After I co-founded Manifest, we continued our professional collaboration, comparing notes on how to make SBOMs usable and easier to adopt. I’m proud that our friendship and partnership have spanned nearly half a decade.

What Allan Will Help Manifest Do

  • Keep Manifest aligned with the various global SBOM communities, including open source and standards bodies
  • Translate policy into product, so requirements become workflows that teams actually use
  • Grow partnerships that speed adoption across the public sector and critical infrastructure
  • Support Manifest’s engagement with policymakers around the world, developing smart and aligned regulations for software and AI security
  • Partner on Manifest’s long-term vision, especially as it pertains to hardware BOMs and hardware supply chains

“Working with CISA and helping to build a global community around SBOM showed what’s possible when we focus on transparency. As an advisor to Manifest, I’m excited to translate those lessons into products that help organizations have real visibility into the AI and software they rely on, so they can build, ship, and buy with confidence.” — Dr. Allan Friedman, Former Technical Advisor & Strategist, CISA

The Manifest Roadmap

Manifest is building the central clearinghouse for software and AI supply chain risk. That starts with SBOMs and AIBOMs, and it extends to cryptography, binaries, firmware, AI components, and other software and AI artifacts. Manifest is laser-focused on building intuitive, easy-to-deploy products that help our users identify risk, save time, and maintain a more secure enterprise. With Allan’s help, we are sure to continue that promise to our customers.

If you want to see what we are building, reach out. If you are part of the SBOM community, we would love your feedback and your toughest test cases. Welcome aboard, Allan. We are lucky to have you, and we are ready to get to work.
