The NIST-published guidance for complying with the Cybersecurity Executive Order asks makers of commercial off-the-shelf (COTS) and government off-the-shelf (GOTS) software to: “Collect, maintain, and share provenance data for all components and other dependencies of each software release (e.g., in a Software Bill of Materials [SBOM]).”
In short, every software supplier to federal agencies now has two deliverables: the software and a Software Bill of Materials.
In this paper, you will learn:
• Why SBOMs have taken center stage for managing supply chain risk
• How SBOM requirements have evolved beyond just open source
• What it takes to make SBOM generation part of daily activities