Cybersecurity Leaders Scramble to Decipher SBOM Mandate (Security News, June 2021)

The National Telecommunications and Information Administration has been busy issuing technical documentation, corralling industry feedback, and proposing the use of existing formats for the creation, distribution and enforcement of SBOMs. This flurry of activity has sent cybersecurity buyers and sellers scrambling to understand the downstream ramifications but, for Sounil Yu, a security veteran with leadership stints at Bank of America, YL Ventures and now JupiterOne, the energy around SBOMs is long overdue.
Robert M. Lee, co-founder and chief executive at industrial cybersecurity vendor Dragos, agrees that SBOMs could provide major benefits to both buyers and sellers but cautioned that it will be "extraordinarily hard to operationalize" once SBOMs identify weaknesses deep in the chain.
The NTIA's materials include "SBOM at a Glance", an introduction to the practice of SBOM, its supporting literature, and the pivotal role SBOMs play in providing much-needed transparency for the software supply chain. A two-page overview provides high-level information on SBOM's background and the ecosystem-wide solution it offers, the NTIA process, and an example of an SBOM. The agency has also published a series of SBOM explainer videos on YouTube.
The Linux Foundation also published a new SBOM survey highlighting the current state of industry practices to establish benchmarks and best practices; a new SBOM training course on Generating a Software Bill of Materials to accelerate adoption; and SBOM tools to enable software development teams to create SBOMs for their applications.
The open-source group also released SPDX SBOM generator, a command-line tool used to generate SBOM information, including components, licenses, copyrights, and security references of applications.