TAG Cyber highlights the need for Software Bill of Materials (SBOM)
2021-04-19 23:45

The security research and advisory team at TAG Cyber has published a new article in its TAG Cyber Security Quarterly that makes the point that software bill of materials usage is long overdue.

"If food items on the supermarket shelf can list their ingredients, then it makes perfect sense that software driving critical business and infrastructure functions should do the same," explained Stan Quintana, analyst at TAG Cyber and former head of Business Continuity and Disaster Recovery services at AT&T.

What is an SBOM?

The concept of an SBOM is quite simple: it is a listing of the components used in the code base for some piece of software.

During a recent discussion with the TAG Cyber analysts, Allan Friedman acknowledged the challenge of supporting an SBOM: "We understand that it is easy to talk about SBOM," he shared, "but more difficult to actually build and use them."
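To make the definition above concrete, and to show the "build and use" half that Friedman refers to, here is an added example; it is not code from the article, from TAG Cyber, or from any SBOM tool. It turns a constructed pip-style lockfile into a CycloneDX-shaped SBOM (the CycloneDX field names are real; the package names, versions and advisory identifiers are all constructed placeholders, not real packages or real vulnerabilities), and then cross-references that SBOM against the constructed advisory list the way a consumer of an SBOM would.

```python
"""Build a minimal CycloneDX-shaped SBOM from a lockfile and query it.

Added example; not code from TAG Cyber, Help Net Security or any SBOM tool.
Assumptions: the lockfile text, the package names and the advisory list are
constructed for this example. Advisory identifiers are placeholders, not real
vulnerability IDs, and the package names are fictional.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed sample input in the shape `pip freeze` produces (fictional packages).
SAMPLE_LOCKFILE = """\
acme-http==2.25.1
acme-tls==1.26.4
acme-json==0.9.0
# comment lines and blank lines must be ignored

acme-idna==2.10
"""

# Constructed advisory feed: placeholder identifiers, NOT real vulnerabilities.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-0001", "name": "acme-tls", "affected": ["1.26.3", "1.26.4"]},
    {"id": "EXAMPLE-0002", "name": "acme-idna", "affected": ["2.9"]},
]

# Matches `name==version`; stops at whitespace, environment markers (;) or comments (#).
_PIN = re.compile(r"^\s*([A-Za-z0-9_.\-]+)==([^\s;#]+)")


def parse_lockfile(text):
    """Return [(name, version)] for each `name==version` pin in the lockfile."""
    pins = []
    for line in text.splitlines():
        m = _PIN.match(line)
        if m:
            pins.append((m.group(1).lower(), m.group(2)))
    return pins


def build_sbom(pins, ecosystem="pypi"):
    """Build a CycloneDX-shaped SBOM dict with one component per pinned dependency.

    Each component carries a package URL (purl). Downstream tooling keys on the
    purl because a bare name/version pair is ambiguous across ecosystems.
    """
    components = [
        {
            "type": "library",
            "name": name,
            "version": version,
            "purl": f"pkg:{ecosystem}/{name}@{version}",
        }
        for name, version in pins
    ]
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "serialNumber": f"urn:uuid:{uuid.uuid4()}",
        "version": 1,
        "metadata": {"timestamp": datetime.now(timezone.utc).isoformat()},
        "components": components,
    }


def affected_components(sbom, advisories):
    """Cross-reference SBOM components against an advisory list.

    Returns sorted (advisory_id, purl) pairs for every component whose name and
    exact version appear in an advisory's affected list. This is the "use" step:
    the same SBOM can be re-queried whenever the advisory feed changes, without
    rebuilding the software.
    """
    hits = []
    for comp in sbom.get("components", []):
        for adv in advisories:
            if comp["name"] == adv["name"].lower() and comp["version"] in adv["affected"]:
                hits.append((adv["id"], comp["purl"]))
    return sorted(hits)


def demo():
    """Build the SBOM from the constructed lockfile and query it."""
    sbom = build_sbom(parse_lockfile(SAMPLE_LOCKFILE))
    return sbom, affected_components(sbom, SAMPLE_ADVISORIES)


if __name__ == "__main__":
    sbom, hits = demo()
    print(json.dumps(sbom, indent=2))
    for adv_id, purl in hits:
        print(f"{adv_id}: {purl}")
```

The point of the split into `build_sbom` and `affected_components` is that the producer and the consumer are different parties: the vendor generates the SBOM once per release, and the customer re-runs the cross-reference every time the advisory feed changes. Matching on exact version strings is deliberately conservative; real tooling has to handle version ranges and ecosystem-specific version ordering, which this example does not attempt.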

Security, software, or procurement teams in enterprises can help to advance the SBOM approach simply by raising the topic with their software providers.

Software vendors listen to their customers, so any reference to SBOM in the context of a commercial relationship will help drive adoption.

"We are certain that SBOM will help to address many of the weaknesses in supply chain security for software," explained Katie Teitler, lead analyst at TAG Cyber.

News URL: http://feedproxy.google.com/~r/HelpNetSecurity/~3/YomK-h511U4/