SBOM Creation

Enriched Software Bill of Materials

What is an SBOM?

A Software Bill of Materials (SBOM) is a nested list of the ingredients in a software package, and it is becoming the key tool in the fight to reduce risks to the software supply chain. The NTIA (National Telecommunications and Information Administration) has defined an SBOM as:

"... a formal record containing the details and supply chain relationships of various components used in building software.

... An SBOM provides those who produce, purchase, and operate software with information that enhances their understanding of the supply chain, which enables multiple benefits, most notably the potential to track known and newly emerged vulnerabilities and risks."

Generate SBOMs with a single click

Attempting to manually compile an SBOM would be costly, time-consuming, and prone to errors. With FACT you can:

  • Generate fully NTIA-compliant SBOMs with one click of a button
  • Vastly reduce the time and effort to create accurate SBOMs
  • Derive SBOMs from binaries and legacy software where source code is no longer available

Support for recognized standards

Recent work done by the NTIA on defining the minimum components of an SBOM has identified three supported formats:

SBOM Example courtesy of OSIsoft, LLC.

Satisfy regulatory requirements

The regulatory landscape is rapidly expanding in the wake of high-profile supply chain cyber attacks like SolarWinds and Kaseya.

Meet the increasing demand for SBOMs

Now that SBOMs have been defined and mandated for US government agencies, purchasers of critical software are also expecting vendors to disclose the contents of their products through SBOMs.

  • Without an SBOM, asset owners assume all the risk associated with software. Just as occurred in the banking industry, purchasers should expect some kind of compensation for the assumption of that risk.
  • Government agencies now require SBOMs and asset owners will expect the same now that they know they're available.
  • Vendors who can supply SBOMs to customers gain a competitive advantage.
  • FACT enables vendors to quickly and securely satisfy customer requests for secure SBOMs.

Learn more about SBOMs

Watch: Lurking Beneath the Surface

Eric Byres presents "Lurking Beneath the Surface" at the 2020 Security Week ICS Cyber Security Conference, sharing research from Ron Brash and the aDolus team on creating derived SBOMs for ICS software.

Watch / Read on: A Case for SBOMs: An Interview with ICS Pulse

Eric Byres explains how SBOMs are key to securing the software supply chain.

From the blog: NTIA Presentation on SBOMs

aDolus and OSIsoft jointly presented the FACT solution at an NTIA (National Telecommunications and Information Administration) sponsored event on SBOMs.