December 13, 2023 | Washington Technology
Validating the integrity of IT products’ supply chain has been a critical part of cybersecurity for years. Historically, hardware bill of materials were scrutinized by federal agencies to ensure that their products contained components from trustworthy sources. In the wake of major data breaches caused by malicious code injected during the software development process, the same scrutiny is now being applied to software. Enter the advent of the Software Bill of Materials (SBOM)—a term that has been a frequent topic of conversation since the National Cyber Strategy was released.
While an SBOM is an important part of the cybersecurity mix, it’s essentially a checkbox to mark – an important part of the vetting process, but not a fix in itself.
As more emphasis is placed on SBOMs, it’s essential that both agencies and vendors keep in mind that what we’re talking about here is essentially an ingredient list for software security. It’s not to be confused with the recipe.