A Software Bill of Materials (SBOM) is a nested list of the ingredients in a software package, and it is becoming the key tool in the fight to reduce risks to the software supply chain. The NTIA (National Telecommunications and Information Administration) has defined an SBOM as:
Attempting to manually compile an SBOM would be costly, time-consuming, and prone to errors. With FACT you can:
The regulatory landscape is rapidly expanding in the wake of high-profile supply-chain cyberattacks like SolarWinds and Kaseya.
Now that SBOMs have been defined and mandated for US government agencies, purchasers of critical software are also expecting vendors to disclose the contents of their products through SBOMs.
Eric Byres presents "Lurking Beneath the Surface" at the 2020 Security Week ICS Cyber Security Conference, sharing research from Ron Brash and the aDolus team on creating derived SBOMs for ICS software.
Eric Byres explains how SBOMs are key to securing the software supply chain.
aDolus and OSIsoft jointly presented the FACT solution at an NTIA (National Telecommunications and Information Administration) sponsored event on SBOMs.