
SBOMs for OT
Software Bills of Materials (SBOMs) for OT (operational technology) are rapidly maturing—SBOM information-sharing is standardizing, and output for open-source systems is already being put to use by product development organizations.
In this show, Shift Left Academy Editor Deb Radcliff interviews Kate Stewart, VP of dependable embedded systems at Linux, and Chris Blask, vice president of strategy at Cybeats, about these and other developments related to SBOMs for OT. These experts provide real-world examples of SBOM usage for OT, explain the benefits of full supply chain visibility and DevOps workflow integration, and provide a status on standards-based SBOM sharing and lifecycle management.
Stewart oversees the open-source Linux-based Zephyr Project, which supports 450 real-time OS board builds representing six applications. She says that each of these builds generates three SBOMs. That’s a lot of SBOMs, especially when you aggregate the number of open-source components built into today’s OT applications. So, to integrate and automate SBOM portability, she points to the open-source Yocto Project, a Linux-based developer toolchain that can produce SBOMs as part of each build.
This is where SBOM lifecycle maintenance becomes a scalability problem, says Blask of Cybeats. He also points to open-source solutions, adding, “When you start looking at the scale of everything problem, that’s where the DBoM Project [Digital Bill of Materials] provides some plumbing.” This is also why intermediaries like Cybeats are developing standards-based platforms for storing, managing, and accessing SBOM data.
Join us for more insights and education.
Resources and Links:
- Producing SBOMs from binaries to generate vendor product release data
- Amnesia 33, a critical vulnerability for open-source TCP/IP stacks affecting millions of IoT devices
- SBOM-a-Rama, hosted in June 2023 by the Critical Infrastructure Security Agency
- SPDX Standard for SBOM data sharing
- OASIS Inventory Software program
The post SBOMs for OT appeared first on Grammatech.
*** This is a Security Bloggers Network syndicated blog from ShiftLeft Academy | Grammatech authored by Deb Radcliff. Read the original post at: https://www.grammatech.com/learn/sboms-for-ot/