"The SEI SBOM Framework: Informing Third-Party Software Management in Your Supply Chain"

Those responsible for managing software systems must think about third-party software dependencies and their risks in new ways, and team up with business experts to develop new techniques for identifying and handling those risks. A Software Bill of Materials (SBOM) can help with these tasks. Carnegie Mellon University Software Engineering Institute (SEI) researchers have highlighted their work building on the SEI's Acquisition Security Framework for Supply Chain Risk Management (SCRM) and tailoring it for third-party software management. Their work resulted in the SEI SBOM Framework. This article continues the discussion of software and supply chain cybersecurity challenges, opportunities for SBOM use, and the SEI SBOM Framework.

Carnegie Mellon University Software Engineering Institute reports "The SEI SBOM Framework: Informing Third-Party Software Management in Your Supply Chain"

Submitted by Gregory Rigby on