
Government-mandated SBOMs to throw light on software supply chain security


An SBOM is effectively an ingredient list or a nested inventory, a “formal record containing the details and supply chain relationships of various components used in building software,” the EO states. The EO requires NTIA to produce three proposed minimum elements that should go into any SBOM:

Data fields, such as supplier name, component name, version of the component, and more.

Operational considerations, such as frequency of SBOM generation, depth of the dependency tree, access to SBOM data, and more.

Support for automation, making sure the data can be produced and consumed at scale using three already-standardized data formats: the leading file formats known as SPDX, CycloneDX, and SWID.
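As an added example (not code from the article, NTIA or any SBOM project), the following Python script runs a minimal check over a constructed CycloneDX 1.4 document: it flags components missing the three data fields named above (supplier name, component name, version) and measures the depth of the dependency tree, one of the operational considerations listed. The document contents, component names and the choice of CycloneDX are assumptions made for illustration.

```python
import json

# Constructed CycloneDX 1.4 document for illustration, not a real product's SBOM.
# "lib-b" deliberately omits its supplier so the field check has something to report.
SAMPLE_SBOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"type": "application", "bom-ref": "app",
                             "name": "demo-app", "version": "1.0.0"}},
  "components": [
    {"type": "library", "bom-ref": "lib-a", "name": "lib-a", "version": "2.3.1",
     "supplier": {"name": "Example Org"}},
    {"type": "library", "bom-ref": "lib-b", "name": "lib-b", "version": "0.9.0"},
    {"type": "library", "bom-ref": "lib-c", "name": "lib-c", "version": "4.0.2",
     "supplier": {"name": "Other Org"}}
  ],
  "dependencies": [
    {"ref": "app",   "dependsOn": ["lib-a"]},
    {"ref": "lib-a", "dependsOn": ["lib-b"]},
    {"ref": "lib-b", "dependsOn": ["lib-c"]}
  ]
}
""")


def missing_fields(sbom):
    """Map each component's bom-ref to the minimum data fields it lacks."""
    problems = {}
    for comp in sbom.get("components", []):
        missing = []
        if not (comp.get("supplier") or {}).get("name"):
            missing.append("supplier name")
        if not comp.get("name"):
            missing.append("component name")
        if not comp.get("version"):
            missing.append("version")
        if missing:
            problems[comp.get("bom-ref", comp.get("name", "?"))] = missing
    return problems


def dependency_depth(sbom):
    """Depth of the dependency tree below the root, following CycloneDX 'dependencies' edges."""
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]

    def depth(ref, seen):
        if ref in seen:  # a cyclic declaration would otherwise recurse forever
            return 0
        children = edges.get(ref, [])
        return 0 if not children else 1 + max(depth(c, seen | {ref}) for c in children)

    return depth(root, frozenset())
```

Running `missing_fields(SAMPLE_SBOM)` reports that lib-b has no supplier name, and `dependency_depth(SAMPLE_SBOM)` returns 3 for the chain app, lib-a, lib-b, lib-c.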

For some security professionals, SBOMs in a private sector organization could be a sign of the organization’s overall caliber.
