What is an SBOM?

Shane Coughlan, General Manager of OpenChain, elaborated on this question following the National Telecommunications and Information Administration (NTIA) request to define a minimum Software Bill of Materials (SBOM).

From NTIA’s SBOM FAQ, a “Software Bill of Materials (SBOM) is a complete, formally structured list of components, libraries, and modules that are required to build a given piece of software and the supply chain relationships between them. These components can be open source or proprietary, free or paid, and widely available or restricted access.” SBOMs that can be shared without friction between teams and companies are a core part of software management for critical industries and digital infrastructure in the coming decades.

The ISO International Standard for open source license compliance (ISO/IEC 5230:2020) requires a process for managing a bill of materials for supplied software. This aligns with the NTIA goals for increased software transparency and illustrates how the global industry is addressing challenges in this space. For example, it has become a best practice to include an SBOM for all components in supplied software, rather than isolating these materials to open source.

Read the full article here

Comments are closed.