Very little software is entirely original. Software developers use existing, open-source, and commercially available software components to create new products. On average, 75 percent of a software product is open-source code, according to the 2021 Open-Source Security and Risk Analysis Report. This presents a cyber-risk management problem. The customer cannot effectively manage assets and risks without knowing the software’s contents, origins, and history of changes and who made those changes.
A solution to this problem is to provide customers with a Software Bill of Materials (SBOM). The SBOM identifies the component software and . . .