2021-09-30T04:34:00Z

How to use Software Bill Of Materials (SBOM) to protect the supply chain from cyberattacks?

EB
  • 2
  • 10
PeerSpot user
2

2 Answers

ZvikaRonen - PeerSpot reviewer
Real User
Top 5Leaderboard
2022-01-17T20:43:28Z
Jan 17, 2022

It depends, if the organization creates its software, then SBOM shell be used to monitor new vulnerabilities in order to fix on time and alert the customers.


If the organization is only using the software (supply chain) they should ask, for their critical software, the vendor to provide SBOM in a format that allows self-check of vulnerabilities (zero trust). For non-critical software, the company should address the responsibility in the software procurement agreement. Who is responsible to monitor vulnerabilities, alerting/Fix/mitigation SLA, etc...
A recommended free tool for SBOM tracking is Dependency-Track which can handle SBOM files in the CyclonDX format. There are other formats like SPDX and other tools (some open source and some - commercial).


The most important thing to remember is that SBOM builds trust between SW vendors and consumers. All sides should be alert to a new 0-day that becomes a known vulnerability and protect their customers.

Search for a product comparison in Supply Chain Management Software
EB
Community Manager
2022-01-11T12:17:17Z
Jan 11, 2022

Hi @ZvikaRonen, possibly you have any inputs/insights in relation to this question?

Compare products