The Power of Post-Production SBOMs
GrammaTech, Monday, August 7, 2023
The use cases and lifecycle of Software Bills of Materials (SBOMs) are starting to coalesce as software organizations begin treating them as working artifacts rather than one-off deliverables.
The White House Cybersecurity Executive Order (EO 14028) initiated a push to improve software supply chain security for software vendors and the federal government. However, the impact is being felt across industries, such as medical device software, where improved security and, particularly, software supply chain security, are becoming key requirements.
This post looks at the lifecycle of the SBOM in the context of the SDLC, at pre- and post-production SBOMs and how they differ, and at when to apply binary versus source code software composition analysis (SCA).