"A Nested Inventory for Software Security, Supply Chain Risk Management"

High-profile incidents such as the Kaseya breach and the Apache Log4j vulnerability continue to impact organizations, making software supply chain security more important than ever. A Software Bill of Materials (SBOM) is an inventory of all the components and libraries used to build a software application. It records licenses, versions, authors, and more, providing greater visibility into risks and vulnerabilities. With this level of visibility, organizations are better positioned to identify known or emerging vulnerabilities and risks, support security by design, and make informed decisions about software supply chain logistics and acquisition. This article goes on to discuss SBOM elements and how organizations can benefit from them.
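To make the "nested inventory" idea concrete, here is an added example (not code from the CACM article): it walks a simplified CycloneDX-style SBOM whose components may contain nested components, and flags any component whose version falls inside an advisory's affected range. The SBOM, the component coordinates and the advisory feed are all constructed sample data with placeholder IDs.

```python
"""Walk a nested CycloneDX-style SBOM and flag components matching advisories."""
from typing import Iterator

def parse_version(v: str) -> tuple:
    # Numeric dotted versions only (e.g. "2.14.1"); sufficient for this demo.
    return tuple(int(p) for p in v.split("."))

def walk_components(components: list, path: tuple = ()) -> Iterator[tuple]:
    """Yield (dependency path, component) for every component, recursing into nested ones."""
    for comp in components:
        here = path + (f"{comp['name']}@{comp['version']}",)
        yield here, comp
        yield from walk_components(comp.get("components", []), here)

def find_affected(sbom: dict, advisories: list) -> list:
    """Return [(advisory id, 'a -> b -> c' path)] for components in a vulnerable range."""
    hits = []
    for path, comp in walk_components(sbom.get("components", [])):
        ver = parse_version(comp["version"])
        for adv in advisories:
            same_coords = (comp["group"], comp["name"]) == (adv["group"], adv["name"])
            in_range = parse_version(adv["introduced"]) <= ver < parse_version(adv["fixed"])
            if same_coords and in_range:
                hits.append((adv["id"], " -> ".join(path)))
    return hits

# Constructed sample SBOM (simplified CycloneDX shape): the application bundles a
# web framework that transitively pulls in a logging library, two levels deep.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "components": [
        {"group": "com.example", "name": "webapp", "version": "1.0.0", "licenses": ["Apache-2.0"],
         "components": [
             {"group": "org.example", "name": "webframework", "version": "3.2.0", "licenses": ["MIT"],
              "components": [
                  {"group": "org.example.logging", "name": "logger-core", "version": "2.14.1",
                   "licenses": ["Apache-2.0"]}]}]},
        {"group": "org.example", "name": "json-parser", "version": "5.0.0", "licenses": ["BSD-3-Clause"]},
    ],
}

# Constructed advisory feed with placeholder IDs; a real feed would come from a
# vulnerability database keyed by the same group/name coordinates.
SAMPLE_ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "group": "org.example.logging", "name": "logger-core",
     "introduced": "2.0.0", "fixed": "2.15.0"},
    {"id": "ADV-PLACEHOLDER-2", "group": "org.example", "name": "json-parser",
     "introduced": "4.0.0", "fixed": "4.9.0"},  # 5.0.0 is outside this range: no hit
]

if __name__ == "__main__":
    for adv_id, dep_path in find_affected(SAMPLE_SBOM, SAMPLE_ADVISORIES):
        print(f"{adv_id}: {dep_path}")
```

The printed dependency path is what the SBOM adds over a flat package list: it shows which top-level component drags the affected library in, which is what a team needs to decide where to patch or replace.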

CACM reports "A Nested Inventory for Software Security, Supply Chain Risk Management"
