From the Fall 2021 Issue

A Software Bill of Materials Is Critical for Comprehensive Risk Management

Dr. Georgianna Shea
Chief Technologist for Center on Cyber and Technology Innovation and TCIL | The Foundation for Defense of Democracies

Executive Summary
Very little software is entirely original. Developers assemble new products from existing components, both open-source and commercially licensed. On average, 75 percent of the code in a software product is open source, according to the 2021 Open-Source Security and Risk Analysis Report. This is a cyber-risk management problem: a customer cannot manage assets and risk effectively without knowing what the software contains, where each component came from, what has changed in it over time, and who made those changes.

A solution to this problem is to provide customers with a Software Bill of Materials (SBOM). The SBOM identifies the component software and . . .
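The following is an added example, not code from the article or its author, showing the kind of check an SBOM makes possible: once the component inventory is machine-readable, a customer can match it against an advisory feed and flag components whose origin is not recorded. It assumes the SBOM is in the CycloneDX JSON shape (one of the common SBOM formats; the article does not name a format), and both the SBOM and the advisory feed are constructed inline for illustration; the component names, versions, purls, supplier and advisory identifiers are invented and refer to no real product or vulnerability.

```python
import json
from typing import Dict, List, Tuple

# Constructed CycloneDX-1.4-shaped SBOM for illustration. Names, versions, purls
# and the supplier are invented and belong to no real product.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "log-lib", "version": "2.14.1",
         "purl": "pkg:maven/org.example/log-lib@2.14.1",
         "supplier": {"name": "Example Org"}},
        {"type": "library", "name": "http-client", "version": "4.5.13",
         "purl": "pkg:maven/org.example/http-client@4.5.13",
         "supplier": {"name": "Example Org"}},
        # No purl and no supplier: the origin of this component is unknown.
        {"type": "library", "name": "crypto-utils", "version": "1.0.0"},
    ],
})

# Constructed advisory feed: component name -> list of (first fixed version,
# advisory id). A component is affected when its version is below the first
# fixed version. The ids are placeholders, not real CVE identifiers.
ADVISORIES: Dict[str, List[Tuple[str, str]]] = {
    "log-lib": [("2.17.1", "EXAMPLE-ADV-1")],
    "http-client": [("4.5.0", "EXAMPLE-ADV-2")],
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted version like '2.14.1' into (2, 14, 1) for comparison.

    Non-numeric characters in a segment (e.g. '-rc1') are dropped; this is a
    deliberately simple scheme, not a full semver or PEP 440 parser.
    """
    parts = []
    for seg in text.split("."):
        digits = "".join(ch for ch in seg if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_lt(a: str, b: str) -> bool:
    """True when version a is strictly lower than b; pads so '1.0' == '1.0.0'."""
    va, vb = parse_version(a), parse_version(b)
    n = max(len(va), len(vb))
    return va + (0,) * (n - len(va)) < vb + (0,) * (n - len(vb))


def load_components(sbom_json: str) -> List[dict]:
    """Parse a CycloneDX JSON document and return its component list."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    return list(bom.get("components", []))


def find_affected(components: List[dict],
                  advisories: Dict[str, List[Tuple[str, str]]]) -> List[Tuple[str, str, str]]:
    """Return (name, version, advisory id) for every component below a fixed version."""
    hits = []
    for comp in components:
        for fixed, adv_id in advisories.get(comp.get("name", ""), []):
            if version_lt(comp.get("version", "0"), fixed):
                hits.append((comp["name"], comp["version"], adv_id))
    return hits


def find_unknown_provenance(components: List[dict]) -> List[str]:
    """Return names of components that record neither a purl nor a supplier."""
    return [c["name"] for c in components
            if not c.get("purl") or not c.get("supplier")]


if __name__ == "__main__":
    comps = load_components(SBOM_JSON)
    for name, version, adv_id in find_affected(comps, ADVISORIES):
        print(f"AFFECTED  {name} {version}: {adv_id}")
    for name in find_unknown_provenance(comps):
        print(f"NO ORIGIN {name}: no purl or supplier recorded")
```

In this constructed input, `log-lib 2.14.1` is below its first fixed version and is flagged, `http-client 4.5.13` is above its fixed version and is not, and `crypto-utils` is reported because the SBOM records no purl or supplier for it. A production check would key advisories on the purl rather than the bare name and would use version ranges from a real feed, but the shape of the check is the same: the SBOM is what makes it possible at all.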
