"Gathering Momentum: 3 Steps Forward to Expand SBoM Use"

According to a recent ReversingLabs study conducted by Dimensional Research, less than a third of companies today use Software Bills of Materials (SBoMs). Half of those said that creating and reviewing SBoMs involves manual steps, a time-consuming task when thousands of lines of code may be in the mix. Security experts consider SBoMs foundational to understanding and managing software supply chain risk. Modern development practices push most software engineering teams to avoid reinventing the wheel when they need common functionality, and instead to pull in open source libraries and packages the community has already built. This speeds up their work and improves predictability, but without governance or visibility into which components are in use, the risk from vulnerabilities in those components can quickly become unmanageable. SBoMs help development teams see what code is running under the hood of their applications and determine when an underlying component is vulnerable. Given the low prevalence of SBoMs reported by the ReversingLabs survey participants, it is not surprising that almost half of them admitted to being unprepared to protect their software against supply chain attacks. This article goes on to discuss the lag in SBoM adoption and three initiatives aimed at increasing the rate at which SBoMs are generated and improving how effectively organizations use them to protect their software.
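The "determine when an underlying component is vulnerable" step is where an SBoM pays off in practice: the component list is matched against a vulnerability feed. The following is an added example, not code from the Dark Reading article or from ReversingLabs. It uses a constructed SBoM laid out like CycloneDX JSON (`bomFormat`, `components`, `purl`) and a constructed advisory list; the package names, versions and advisory ids are placeholders, not real vulnerabilities, and the advisory format is an assumption made for the example.

```python
"""Match the components listed in an SBoM against a vulnerability feed.

Added example, not from the Dark Reading article or the ReversingLabs
study. The SBoM below follows the CycloneDX JSON layout (bomFormat,
components, purl) but is constructed for this example, and the advisory
list is likewise constructed: package names, versions and advisory ids
are placeholders, not real vulnerabilities.
"""
import json

# Constructed SBoM in CycloneDX JSON form.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "example-http", "version": "2.3.1",
     "purl": "pkg:npm/example-http@2.3.1"},
    {"type": "library", "name": "example-yaml", "version": "5.4.0",
     "purl": "pkg:pypi/example-yaml@5.4.0"},
    {"type": "library", "name": "example-log", "version": "1.2.9",
     "purl": "pkg:maven/org.example/example-log@1.2.9"}
  ]
}
"""

# Constructed advisory feed (assumed format): each entry names the package by
# its purl without the version, and the affected range as [introduced, fixed).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "pkg:npm/example-http",
     "introduced": "2.0.0", "fixed": "2.3.2"},
    {"id": "EXAMPLE-0002", "package": "pkg:pypi/example-yaml",
     "introduced": "0", "fixed": "5.4.0"},
    {"id": "EXAMPLE-0003", "package": "pkg:maven/org.example/example-log",
     "introduced": "1.2.0", "fixed": "1.3.0"},
]


def parse_version(v):
    """Turn '1.2.9' into (1, 2, 9) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


def split_purl(purl):
    """Split 'pkg:npm/example-http@2.3.1' into ('pkg:npm/example-http', '2.3.1')."""
    package, _, version = purl.rpartition("@")
    return package, version


def affected_components(sbom_text, advisories):
    """Return (purl, advisory id) pairs for components inside a vulnerable range."""
    sbom = json.loads(sbom_text)
    hits = []
    for component in sbom.get("components", []):
        purl = component.get("purl")
        if not purl:
            continue  # a component without a purl cannot be matched reliably
        package, version = split_purl(purl)
        v = parse_version(version)
        for adv in advisories:
            if adv["package"] != package:
                continue
            # Affected if introduced <= version < fixed; the fixed version itself is clean.
            if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
                hits.append((purl, adv["id"]))
    return hits


if __name__ == "__main__":
    for purl, adv_id in affected_components(SBOM_JSON, ADVISORIES):
        print(f"{purl}: affected by {adv_id}")
```

Running this flags `example-http` and `example-log`, while `example-yaml` at 5.4.0 is clean because it sits exactly on the fixed version. The example keeps version comparison to dotted integers; real package URLs can carry qualifiers and subpaths, and version schemes differ by ecosystem (npm, PyPI and Maven each have their own rules), so a production matcher should use a purl parser and ecosystem-aware version comparison rather than this simplification.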

Dark Reading reports "Gathering Momentum: 3 Steps Forward to Expand SBoM Use"
