October 18, 2021 | United States Cybersecurity Magazine

A Software Bill of Materials Is Critical for Comprehensive Risk Management

Excerpt

Very little software is entirely original. Software developers use existing, open-source, and commercially available software components to create new products. On average, 75 percent of a software product is open-source code, according to the 2021 Open-Source Security and Risk Analysis Report. This presents a cyber-risk management problem. The customer cannot effectively manage assets and risks without knowing the software’s contents, origins, and history of changes and who made those changes.

A solution to this problem is to provide customers with a Software Bill of Materials (SBOM).

Dr. Georgianna Shea is the chief technologist of the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies (FDD). FDD is a Washington, DC-based, nonpartisan research institute focusing on national security and foreign policy.