For a long time, cybersecurity has been increasingly known and practiced as a concept but not quite implemented in terms of policy. However, in recent years there has been an increase in software supply chain attacks, which has led policymakers to finally look toward solutions that generate more transparency and accountability in these software systems. In May of this year, the White House issued an executive order that attempts to increase cybersecurity protection efforts. In particular, one specific initiative that has been pushed out is the “Software Bill of Materials” (SBOM). Related to this initiative, the House of Representatives also recently passed the DHS Software Supply Chain Risk Management Act, which requires contractors to identify specifically and exactly what libraries, modules, and other ingredients are used in their development process.
This initiative targets the reactive side of the cybersecurity domain: these SBOMs allow companies to detect potential areas of vulnerability more easily and much earlier. SBOMs allow companies to build in a much higher degree of transparency and, in some ways, enforce continuous security assessment throughout the software product’s lifetime. More specifically, SBOMs also give more insight into, and protection of, supply chains from one dependent to another.