
Why SBOMs aren’t the silver bullet they’re portrayed as
2022-07-20 04:30

A Software Bill of Materials, often shortened to the acronym SBOM, is a formal, machine-readable inventory of software components and dependencies, information about those components, and their hierarchical relationships.

SBOMs aren't the silver bullet they're portrayed as.

While it's helpful to know the "ingredients" of a piece of software, that knowledge doesn't by itself protect a system from malware or a breach.

The goal of SBOMs is less about proactive or reactive security measures than about providing transparency into the components delivered by each participant in a software supply chain.

If the ultimate goal is security, that comes from understanding the software in a system (via an SBOM) together with understanding how the network is organized.

SBOMs can provide supply chain visibility, but should a system be compromised, it's technology like micro-segmentation that would contain the blast radius.
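To make the visibility-versus-protection distinction concrete, here is an added example (not part of the original article): it parses a constructed CycloneDX-style SBOM, walks the dependency hierarchy, and reports every path by which a flagged component reaches the shipped product. The `flagged` set is assumed to come from somewhere else (an advisory source); the SBOM itself can only tell you whether and how you include those components.

```python
import json

# Constructed CycloneDX-style SBOM for a hypothetical "billing-service"; not a real product.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX", "specVersion": "1.4",
  "metadata": {"component": {"bom-ref": "app", "name": "billing-service", "version": "2.3.0"}},
  "components": [
    {"bom-ref": "pkg:maven/org.example/web@1.8.0", "name": "web", "version": "1.8.0"},
    {"bom-ref": "pkg:maven/org.example/json@3.1.2", "name": "json", "version": "3.1.2"},
    {"bom-ref": "pkg:maven/org.example/logging@2.14.1", "name": "logging", "version": "2.14.1"}
  ],
  "dependencies": [
    {"ref": "app", "dependsOn": ["pkg:maven/org.example/web@1.8.0"]},
    {"ref": "pkg:maven/org.example/web@1.8.0",
     "dependsOn": ["pkg:maven/org.example/json@3.1.2", "pkg:maven/org.example/logging@2.14.1"]},
    {"ref": "pkg:maven/org.example/json@3.1.2", "dependsOn": ["pkg:maven/org.example/logging@2.14.1"]}
  ]
}
"""

def load_sbom(text):
    """Return (root bom-ref, adjacency map) built from the CycloneDX 'dependencies' array."""
    bom = json.loads(text)
    graph = {d["ref"]: d.get("dependsOn", []) for d in bom.get("dependencies", [])}
    return bom["metadata"]["component"]["bom-ref"], graph

def paths_to(graph, root, target):
    """Every dependency path from root to target; the 'not in path' check guards against cycles."""
    found = []
    def walk(node, path):
        if node == target:
            found.append(path)
            return
        for child in graph.get(node, []):
            if child not in path:
                walk(child, path + [child])
    walk(root, [root])
    return found

def exposure_report(text, flagged):
    """flagged: bom-refs an external advisory source says need attention (assumed input).
    The SBOM alone cannot produce this set; it only shows whether and via what we ship them."""
    root, graph = load_sbom(text)
    return {ref: paths_to(graph, root, ref) for ref in flagged}

if __name__ == "__main__":
    for ref, paths in exposure_report(SBOM_JSON, {"pkg:maven/org.example/logging@2.14.1"}).items():
        print(ref, "reached via", len(paths), "path(s):", [" -> ".join(p) for p in paths])
```

Knowing that the flagged component arrives both directly and transitively tells you where an upgrade has to happen; it does nothing to stop an attacker already inside, which is the containment job the article assigns to micro-segmentation.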

News URL

https://www.helpnetsecurity.com/2022/07/20/software-bill-of-materials-sbom-video/