Home » Security Bloggers Network » Software Factories and Bills of Materials

Software Factories and Bills of Materials

by Deb Radcliff on February 23, 2023

Other manufacturing factories require bills of materials, so too, do software development factories, says Michel Genard, Board Member at Lynx Software Technologies.

Lynx Software provides platform connectivity to mission-critical systems used in manned and autonomous military applications, aerospace, and federal systems. Being a CPO in a company like this comes with its share of responsibilities for innovation AND security given the sensitivity of the type of applications supported by Lynx platforms.

In this interview, Michel Genard, Board Member at Lynx, explains how development of critical IoT applications should focus on security and safety.

“When you are manufacturing goods, a car, equipment, a printer, medications, they have a BOM (Bill of Materials), a QA manual, and other accompanying documentation. Software development is also about producing goods and we need to go through the same kind of discipline and approach,” he says. “Now that an executive order has pushed the industry to do so, the SBOM (Software BOM) will be the manifest about everything you have in your software system and where it came from.”

He also warns against thinking of the SBOM as a one and done. As threats change, the SBOM may need updating and reissuing if the software is impacted. For example, from a lifecycle point of view, maybe four years after the application was released, a new breach against that application is discovered, the software and the SBOM will need to be updated to include a repair or work around, he says.