Today, in collaboration with international partners, we have released guidance to inform organisations who procure, produce or operate software about the advantages of integrating a Software Bill of Materials (SBOM). Widespread adoption of SBOM will strengthen security, reduce risk, and decrease costs.
An SBOM is a formal record of the details and supply chain relationships of various components used in building software – like a ‘list of ingredients’ for software. SBOMs help address challenges in securing software because they provide visibility of the components of software.
Identifying and responding to vulnerabilities is a key step in developing secure software and in limiting risk throughout the software lifecycle. Using an SBOM means organisations can respond to vulnerabilities more quickly and more efficiently, with tailored mitigations that address specific risks.
With SBOM data, software producers and operators can map the software’s dependencies to relevant lists of existing vulnerabilities and track new vulnerabilities that may arise.
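As an added illustration of that dependency-to-vulnerability mapping (example code, not part of the guidance or any SBOM tool), the block below reads a constructed CycloneDX-style SBOM, splits each component's package URL (purl) into package identity and version, and checks it against a constructed vulnerability feed of placeholder advisories expressed as affected version ranges.

```python
import json

# Constructed CycloneDX-style SBOM (not any real product's SBOM).
SBOM_JSON = json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5", "components": [
    {"name": "examplelib", "version": "1.2.3", "purl": "pkg:pypi/examplelib@1.2.3"},
    {"name": "otherlib", "version": "4.0.1", "purl": "pkg:pypi/otherlib@4.0.1"},
    {"name": "netutil", "version": "2.9.0", "purl": "pkg:npm/netutil@2.9.0"},
]})

# Constructed vulnerability feed (placeholder ids, not real advisories): the
# package identity without version, plus the half-open affected range
# [introduced, fixed); fixed=None means no fixed release exists yet.
VULN_FEED = [
    {"id": "VULN-EXAMPLE-1", "package": "pkg:pypi/examplelib", "introduced": "1.0.0", "fixed": "1.2.4"},
    {"id": "VULN-EXAMPLE-2", "package": "pkg:pypi/otherlib", "introduced": "3.0.0", "fixed": "4.0.0"},
    {"id": "VULN-EXAMPLE-3", "package": "pkg:npm/netutil", "introduced": "2.8.0", "fixed": None},
]

def parse_version(v):
    # Dotted numeric versions only; non-numeric parts (e.g. "rc1") count as 0.
    # A production matcher should use the ecosystem's own version ordering.
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def is_affected(version, introduced, fixed):
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)

def match_vulnerabilities(sbom_json, feed):
    """Return (purl, vuln id) pairs for SBOM components inside an affected range."""
    findings = []
    for comp in json.loads(sbom_json).get("components", []):
        purl = comp.get("purl")
        if not purl:  # components without a purl cannot be matched reliably
            continue
        base, _, version = purl.rpartition("@")  # split "pkg:type/name@version"
        for vuln in feed:
            if vuln["package"] == base and is_affected(version, vuln["introduced"], vuln["fixed"]):
                findings.append((purl, vuln["id"]))
    return findings

if __name__ == "__main__":
    for purl, vuln_id in match_vulnerabilities(SBOM_JSON, VULN_FEED):
        print(f"{purl} is affected by {vuln_id}")
```

Re-running the same match whenever the feed updates is how an SBOM lets an operator track newly published vulnerabilities without re-inventorying the software.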
An SBOM also documents information about software dependencies, enabling greater visibility across an organisation’s software supply chain and enterprise systems. This allows organisations to improve:
- risk management practices – particularly vulnerability management and supply chain management
- software development processes
- license management.
Learn more about securing software through A Shared Vision of Software Bill of Materials for Cybersecurity.