Building a Better SBOM
DARKReading, Tuesday, April 25, 2023
Software is an important part of every business in 2023. And whether you are building it or deploying it, it's absolutely crucial you know more than the potential attackers do about the weak links in your software supply chain.
The future usefulness of software bills of materials (SBOMs) depends on their ability to conform to standards, account for the entire codebase, and allow for interoperability at enterprise scale - something our industry has struggled to do in a uniform way.
Generating an SBOM is relatively easy. But generating a comprehensive and accurate SBOM that conforms to standard specifications, and that enterprises can interoperate with at scale, is difficult. That's why I coined the term "full Monty SBOM" to describe a comprehensive SBOM solution that provides the content and interoperability needed for its future utility for security, legal, and operational purposes.
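To make the "easy to generate, hard to make comprehensive and conformant" point concrete, here is an added example (not code from the article or from any SBOM tool it mentions) that runs a completeness check over a CycloneDX-style JSON SBOM. It assumes the CycloneDX JSON field names (`bomFormat`, `specVersion`, `components`, `purl`, `hashes`); the sample SBOM document itself is constructed for illustration and flags a component that has a name but no version, no package URL, and no hash, which is exactly the kind of gap that makes an SBOM useless for vulnerability matching or legal review downstream.

```python
"""Added example: completeness check for a CycloneDX-style JSON SBOM.

Field names follow the CycloneDX JSON schema (an assumption about the
format being checked); the SBOM below is constructed for illustration.
"""
import json

# Constructed sample SBOM: two fully described components plus one that
# only carries a name, which downstream tools cannot match or verify.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "example-lib", "version": "1.2.3",
         "purl": "pkg:pypi/example-lib@1.2.3",
         "hashes": [{"alg": "SHA-256", "content": "ab" * 32}]},
        {"type": "library", "name": "other-lib", "version": "0.9.0",
         "purl": "pkg:npm/other-lib@0.9.0",
         "hashes": [{"alg": "SHA-256", "content": "cd" * 32}]},
        {"type": "library", "name": "mystery-lib"},
    ],
})

REQUIRED_TOP_LEVEL = ("bomFormat", "specVersion", "components")
# Hash algorithms accepted as strong enough to pin an artifact.
ACCEPTED_HASH_ALGS = {"SHA-256", "SHA-384", "SHA-512"}


def check_bom(bom):
    """Check an already-parsed SBOM dict; return a list of human-readable findings.

    An empty list means every component is identifiable (name + version + purl)
    and verifiable (at least one strong hash), and the document is well-formed.
    """
    findings = []
    for key in REQUIRED_TOP_LEVEL:
        if key not in bom:
            findings.append(f"missing top-level field '{key}'")
    if bom.get("bomFormat") != "CycloneDX":
        findings.append(f"unexpected bomFormat {bom.get('bomFormat')!r}")
    for idx, comp in enumerate(bom.get("components", [])):
        label = comp.get("name") or f"component[{idx}]"
        # Identification: without name and version nothing can be matched.
        for field in ("name", "version"):
            if not comp.get(field):
                findings.append(f"{label}: missing '{field}'")
        # Interoperability: the package URL is the cross-tool identifier.
        if not comp.get("purl"):
            findings.append(f"{label}: missing 'purl' (no interoperable identifier)")
        # Integrity: a hash lets a consumer verify the artifact it received.
        hashes = comp.get("hashes") or []
        if not hashes:
            findings.append(f"{label}: no hashes (artifact cannot be verified)")
        for h in hashes:
            if h.get("alg") not in ACCEPTED_HASH_ALGS:
                findings.append(f"{label}: weak or unknown hash algorithm {h.get('alg')!r}")
    return findings


def check_sbom(text):
    """Parse SBOM JSON text and return findings; a parse error is itself a finding."""
    try:
        bom = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    return check_bom(bom)


def is_complete(text):
    """True only when the SBOM text produces no findings at all."""
    return not check_sbom(text)


if __name__ == "__main__":
    for finding in check_sbom(SAMPLE_SBOM):
        print("FINDING:", finding)
    print("complete:", is_complete(SAMPLE_SBOM))
```

Run as a script, it reports three findings against `mystery-lib` (no version, no purl, no hashes) and prints `complete: False`; point `check_sbom` at a real generator's output to see how much of your own SBOM would survive the same bar.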