Software Bill of Materials

A software bill of materials (SBOM) is a list of the components that make up a piece of software. Software vendors commonly build products by assembling open-source and commercial components, and the SBOM documents which components a product contains.

Having SBOMs can help companies avoid consuming software that could harm the organization. The BOM concept is well established in traditional manufacturing: a manufacturer uses a BOM to track the parts that go into a product, so if a defect is later found in a specific part, the BOM makes it easy to locate the affected products.


Both the builder (manufacturer) and the buyer (customer) of a software product benefit from the SBOM. Builders often rely on readily available open-source and third-party components to create a product; the SBOM gives the builder a way to confirm that those components are up to date and to respond faster when new vulnerabilities are disclosed.

Many companies use a Microsoft Excel document for general BOM management. An SBOM kept in a spreadsheet, however, carries extra risks and issues. SBOMs are most valuable when they are stored collectively in a source that can be part of other automation systems and queried by other applications.

Understanding the software supply chain, obtaining an SBOM, and using it to analyze known vulnerabilities are necessary for managing risk.
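As an added example (not part of the original text), the following Python cross-references two constructed SBOM documents, loosely shaped like CycloneDX JSON, against a constructed advisory feed to find which products ship an affected component; every product, component and advisory name here is a placeholder.

```python
import json
from typing import Dict, List, Tuple

# Constructed SBOM documents, one per shipped product, loosely following the
# CycloneDX JSON layout (a "components" list of name/version/purl entries).
SBOMS: Dict[str, str] = {
    "payments-api 3.2": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "name": "libcrypto-utils", "version": "1.2.0",
             "purl": "pkg:generic/libcrypto-utils@1.2.0"},
            {"type": "library", "name": "json-parser", "version": "3.0.1",
             "purl": "pkg:generic/json-parser@3.0.1"},
        ],
    }),
    "reporting-ui 1.0": json.dumps({
        "bomFormat": "CycloneDX", "specVersion": "1.4",
        "components": [
            {"type": "library", "name": "libcrypto-utils", "version": "1.4.0",
             "purl": "pkg:generic/libcrypto-utils@1.4.0"},
            {"type": "library", "name": "tiny-http", "version": "0.9.2",
             "purl": "pkg:generic/tiny-http@0.9.2"},
        ],
    }),
}

# Constructed advisory feed: component name and the first version carrying the fix.
# A real feed would come from a vulnerability database keyed by purl or CPE.
ADVISORIES: List[Dict[str, str]] = [
    {"id": "ADV-EXAMPLE-1", "name": "libcrypto-utils", "fixed_in": "1.3.0"},
    {"id": "ADV-EXAMPLE-2", "name": "json-parser", "fixed_in": "3.1.0"},
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def affected_products(sboms: Dict[str, str], advisories: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Map each product to the advisory ids that apply to a component it ships.

    A component is affected when it matches an advisory by name and its version
    is older than the advisory's fixed_in version. Products with no hits are omitted.
    """
    hits: Dict[str, List[str]] = {}
    for product, doc in sboms.items():
        for comp in json.loads(doc).get("components", []):
            for adv in advisories:
                if comp["name"] == adv["name"] and parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
                    hits.setdefault(product, []).append(adv["id"])
    return hits
```

Because the SBOM is structured data rather than a spreadsheet, the same lookup can run automatically every time the advisory feed changes, which is the "locate the affected products" step the manufacturing BOM analogy describes.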


The US Cyber Supply Chain Management and Transparency Act of 2014 proposed that agencies obtain SBOMs for any new products they buy. It did not pass, but it raised the needed awareness in government and later encouraged legislation such as the “Internet of Things Cybersecurity Improvement Act of 2017.”

The US Executive Order on the improvement of the Nation’s Cybersecurity, dated May 12, 2021, directed NIST to issue guidance within 90 days that would “include standards, procedures, or criteria regarding” various topics to “enhance the security of the software supply chain,” including “providing a purchaser a Software Bill of Materials (SBOM) for every product.” It also instructed NTIA to publish the minimum elements of an SBOM within 60 days.

The NTIA minimum elements were published on July 12, 2021. The document describes SBOM use cases for improving transparency in the software supply chain and lays out options for future evaluation.

