
What is a Software Bill of Materials (SBOM)?

Software today frequently pulls in a long list of third-party components. To keep that software secure and performing well, companies must track and manage each one.

To track these components, software engineers often use a software bill of materials (SBOM): a machine-readable inventory of the components and dependencies contained in a piece of software.

Keep reading to learn why SBOMs are important and, specifically, how you can use them to improve the way your company develops and maintains software.

What Is a Bill of Materials?

A term borrowed from manufacturing, a bill of materials (BOM) lists the components, parts, and raw materials that go into products such as cars, electronics, and food. A BOM essentially serves as a production roadmap, recording where each component came from and where it ended up across the supply chain.

By using a BOM, a company can quickly identify and remediate production issues. For example, when Takata airbag inflators were found to be defective, car manufacturers could identify every affected vehicle from the parts recorded in their BOMs and issue recall alerts, rather than inspecting each car individually.

In short, BOMs improve safety and performance and expedite issue resolution.

How BOMs Apply to Software Engineering

Most software today contains a complex array of third-party components, both proprietary and open source. When working with such a complicated set of parts, it is critical to keep a running list of every item and where it came from. Otherwise, you will have a much harder time monitoring the components you are using, which can leave outdated or insecure code in your product unnoticed.

A software BOM, or SBOM, applies the same idea to software: it is a structured set of metadata describing each component in a build. Key information includes component names, license information, version numbers, and vendors. This reduces risk for both the producer and consumer by providing (Read more...)
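As an added example that is not part of Sonatype's post, the following Python parses a small SBOM laid out in the CycloneDX JSON format (an assumption; the article names no particular format), checks each component for the fields the article lists (name, version, vendor, license), and answers the recall-style question from the Takata analogy: which dependency paths lead from the application to a given affected component, directly or transitively. The SBOM content, package names, and versions are constructed sample data.

```python
"""Validate an SBOM's component inventory and trace paths to an affected
dependency. Added example; the SBOM below is hand-written sample data in the
CycloneDX 1.4 JSON layout (assumed format, not taken from the article)."""
import json
from typing import Dict, List, Tuple

WEB = "pkg:maven/org.example/web-framework@5.1.0"   # constructed bom-refs
JSONP = "pkg:maven/org.example/json-parser@1.8.2"
LOGGING = "pkg:maven/com.acme/logging@0.9.0"

SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "metadata": {"component": {"bom-ref": "app", "type": "application",
                               "name": "payments-api", "version": "2.3.0"}},
    "components": [
        {"bom-ref": WEB, "type": "library", "name": "web-framework", "version": "5.1.0",
         "supplier": {"name": "Example Org"},
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"bom-ref": JSONP, "type": "library", "name": "json-parser", "version": "1.8.2",
         "supplier": {"name": "Example Org"},
         "licenses": [{"license": {"id": "MIT"}}]},
        # Deliberately incomplete entry: no supplier, no license information.
        {"bom-ref": LOGGING, "type": "library", "name": "logging", "version": "0.9.0"},
    ],
    # Dependency graph: app -> web-framework -> json-parser, app -> logging
    "dependencies": [
        {"ref": "app", "dependsOn": [WEB, LOGGING]},
        {"ref": WEB, "dependsOn": [JSONP]},
        {"ref": JSONP, "dependsOn": []},
        {"ref": LOGGING, "dependsOn": []},
    ],
})

# The inventory fields the article calls out for each component.
REQUIRED_FIELDS = ("name", "version", "supplier", "licenses")


def load_sbom(text: str) -> dict:
    """Parse SBOM JSON and check the two fields that identify the format."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX" or "specVersion" not in sbom:
        raise ValueError("not a CycloneDX JSON document")
    return sbom


def validate_components(sbom: dict) -> Dict[str, List[str]]:
    """Return {bom-ref: [missing fields]} for every component that lacks
    one of the required inventory fields; empty dict means all complete."""
    problems: Dict[str, List[str]] = {}
    for comp in sbom.get("components", []):
        missing = [field for field in REQUIRED_FIELDS if not comp.get(field)]
        if missing:
            problems[comp["bom-ref"]] = missing
    return problems


def _component_index(sbom: dict) -> Dict[str, Tuple[str, str]]:
    """Map bom-ref -> (name, version), including the root component."""
    index: Dict[str, Tuple[str, str]] = {}
    root = sbom.get("metadata", {}).get("component")
    if root:
        index[root["bom-ref"]] = (root["name"], root["version"])
    for comp in sbom.get("components", []):
        index[comp["bom-ref"]] = (comp["name"], comp["version"])
    return index


def paths_to(sbom: dict, name: str, version: str) -> List[List[str]]:
    """All dependency paths (as lists of bom-refs) from the root component to
    any component with the given name and version. Empty list: not affected."""
    index = _component_index(sbom)
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root_ref = sbom["metadata"]["component"]["bom-ref"]
    found: List[List[str]] = []

    def walk(ref: str, path: List[str]) -> None:
        path = path + [ref]
        if index.get(ref) == (name, version):
            found.append(path)
            return
        for child in graph.get(ref, []):
            if child not in path:  # guard against cycles in a malformed SBOM
                walk(child, path)

    walk(root_ref, [])
    return found


if __name__ == "__main__":
    sbom = load_sbom(SAMPLE_SBOM)
    print("incomplete components:", validate_components(sbom))
    print("paths to json-parser 1.8.2:", paths_to(sbom, "json-parser", "1.8.2"))
```

The path output is what turns a vulnerability report for a transitive dependency into an actionable fix: it tells you which direct dependency (here the web framework) has to be upgraded or pinned, while the validation output flags entries whose vendor or license cannot be checked at all.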

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Justin Reynolds. Read the original post at: https://blog.sonatype.com/what-is-a-software-bill-of-materials