Software Bill of Materials (SBOM) - Part 1

Understanding the broken links in the software supply chain

What is SBOM?

Think of a Software Bill of Materials (SBOM) as a shopping list for a computer program: it lists everything the program is made of, much like the ingredients in a recipe. Knowing every part lets you confirm that each one is known and secure, which keeps the program safe and reliable. SBOMs are becoming more important because they help protect against cyber threats and show that software is trustworthy.

BOOM + BOOM + BOOM ===> SBOM

Why do we need one?

You need an SBOM to ensure the security and integrity of your software. It provides transparency into the components and dependencies of a program, helping you identify and manage vulnerabilities, comply with regulations, track the software supply chain, and apply updates efficiently, ultimately reducing the risk of security breaches and supply chain attacks.

In December 2021, a critical vulnerability was discovered in the widely used Apache Log4j 2 library, known as CVE-2021-44228. This library is used in countless software applications to handle logging, and the vulnerability posed a severe security threat.
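The Log4j case shows what the transparency of an SBOM buys you in practice: once the components and their versions are listed, matching them against an advisory is a mechanical check. The following is an added example (not code from the article): it reads a constructed CycloneDX-style SBOM and flags components whose version falls inside an advisory's affected range. The version range recorded for CVE-2021-44228 is an assumption for this example; a real check should take ranges from an authoritative vulnerability feed.

```python
import json
import re

# Constructed minimal CycloneDX-style SBOM for the example (not taken from any real build).
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.14.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "version": "2.17.1", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"},
    {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind",
     "version": "2.13.0", "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0"}
  ]
}"""

# Advisory record for CVE-2021-44228. The version range is an assumption for this example;
# in practice it comes from an authoritative feed (NVD, vendor advisory, OSV).
ADVISORIES = [
    {"id": "CVE-2021-44228", "group": "org.apache.logging.log4j", "name": "log4j-core",
     "introduced": "2.0-beta9", "fixed": "2.15.0"},
]

def version_key(v):
    """Comparable tuple for '2.14.1' or '2.0-beta9'; a pre-release sorts before its release."""
    main, _, pre = v.partition("-")
    nums = tuple(int(x) for x in main.split("."))
    nums += (0,) * (3 - len(nums))
    if pre:  # (0, tag, n) so that 2.0-beta9 < 2.0, whose marker is (1, "", 0)
        m = re.match(r"([A-Za-z]*)(\d*)", pre)
        return nums + (0, m.group(1).lower(), int(m.group(2) or 0))
    return nums + (1, "", 0)

def affected(version, adv):
    """True when introduced <= version < fixed."""
    return version_key(adv["introduced"]) <= version_key(version) < version_key(adv["fixed"])

def match_sbom(sbom_text, advisories=ADVISORIES):
    """Return (purl, advisory id) for each SBOM component that falls in an advisory's range."""
    hits = []
    for comp in json.loads(sbom_text).get("components", []):
        for adv in advisories:
            same_pkg = (comp.get("group"), comp.get("name")) == (adv["group"], adv["name"])
            if same_pkg and affected(comp["version"], adv):
                hits.append((comp["purl"], adv["id"]))
    return hits
```

Only the log4j-core 2.14.1 entry is reported; the patched 2.17.1 copy and the unrelated jackson-databind component pass, which is exactly the triage an SBOM makes possible without opening a single build.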


Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT

Over 18 years of experience in a wide variety of technical domains within information security including information assurance, compliance, and risk management.