No more typing reviews! Try our Samantha, our new voice AI agent.

How to use Software Bill Of Materials (SBOM) to protect the supply chain from cyberattacks?

Hello,

How can an organization use SBOM to prevent some supply chain cyberattacks? Can you share any practical examples? 

What tools can be used for this purpose?

EB
Evgeny Belenky
Director of Community at PeerSpot (formerly IT Central Station)
  • 2
  • 24
FollowingFollow
Share
PeerSpot user

2 Answers

Last answered Jan 17, 2022
ZvikaRonen - PeerSpot reviewer
ZvikaRonen
Chief Technology Officer at FOSSAware
Real User
Top 20
Jan 17, 2022

It depends, if the organization creates its software, then SBOM shell be used to monitor new vulnerabilities in order to fix on time and alert the customers.


If the organization is only using the software (supply chain) they should ask, for their critical software, the vendor to provide SBOM in a format that allows self-check of vulnerabilities (zero trust). For non-critical software, the company should address the responsibility in the software procurement agreement. Who is responsible to monitor vulnerabilities, alerting/Fix/mitigation SLA, etc...
A recommended free tool for SBOM tracking is Dependency-Track which can handle SBOM files in the CyclonDX format. There are other formats like SPDX and other tools (some open source and some - commercial).


The most important thing to remember is that SBOM builds trust between SW vendors and consumers. All sides should be alert to a new 0-day that becomes a known vulnerability and protect their customers.

Like(2)
Reply
Search for a product comparison in Supply Chain Management Software
Go!
EB
Evgeny Belenky
Director of Community at PeerSpot (formerly IT Central Station)
Real User
Jan 11, 2022

Hi @ZvikaRonen, possibly you have any inputs/insights in relation to this question?

Like(0)
Reply
Compare products
Go!

Related categories

EDI
Transportation Management
Static Application Security Testing (SAST)

Related Q&As

May 26, 2024
Why is Supply Chain Management Software important for companies?
Sep 20, 2023
What is Software Bill of Materials (SBOM)?

Supply Chain Management Software experts

Francisco Javier Vergara - PeerSpot reviewer
Francisco Javier Vergara
SecOps Engineer at IriusRisk
Henry Mwawai - PeerSpot reviewer
Henry Mwawai
Security Consultant | Application Security at Jowatechs
Manjunath Maneppagol - PeerSpot reviewer
Manjunath Maneppagol
Cloud & Application Security at Sixt SE
Mohammed Alsayaghi - PeerSpot reviewer
Mohammed Alsayaghi
IT System, Security and Network Manager at Cooper Pharma Arabia
YE
Yacov Elgad
Head of Data Delivery at Teva Pharmaceuticals
reviewer2843892 - PeerSpot reviewer
reviewer2843892
Manager, Supply Chain at a manufacturing company with 51-200 employees
reviewer2156631 - PeerSpot reviewer
reviewer2156631
Project Manager, Solution Architect and Partner at a tech services company with 1-10 employees
reviewer2773773 - PeerSpot reviewer
reviewer2773773
VP Partnership at a tech vendor with 11-50 employees
Join the PeerSpot community