SBOMs are coming! Getting beyond the hype and consternation about SBOMs and understanding their cybersecurity benefits is critical to planning how your organization can leverage them to their best advantage.
Use of a Software Bill of Materials (SBOM) can reduce the financial, personnel, and reputational risks incurred by using unknown software. It enables system engineering, acquisition, and cybersecurity teams to better understand the makeup of their critical infrastructure and to automate tasks that help assess and determine the associated risk. Finally, an SBOM can be a starting point for mapping to other sources of information that we might care about, for example the political jurisdictions of developers, or whether a component is a single-contributor Open Source Software library.
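The mapping idea above, as an added example that is not part of the original paper: the script parses a constructed CycloneDX-style SBOM fragment, joins each component (by its package URL) to a constructed metadata table of contributor counts and maintainer jurisdictions, and reports which components are single-contributor projects, fall in a watched jurisdiction, or have no external data at all. The SBOM contents, metadata values, and jurisdiction codes are all hypothetical.

```python
import json

# Constructed CycloneDX-style SBOM fragment (hypothetical components, not a real project).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "libfoo",  "version": "1.2.0", "purl": "pkg:pypi/libfoo@1.2.0"},
    {"type": "library", "name": "barlib",  "version": "0.9.1", "purl": "pkg:pypi/barlib@0.9.1"},
    {"type": "library", "name": "bazutil", "version": "3.0.0", "purl": "pkg:pypi/bazutil@3.0.0"}
  ]
}
"""

# Constructed external metadata keyed by package URL (hypothetical values):
# number of contributors and the jurisdiction of the maintaining organisation.
COMPONENT_METADATA = {
    "pkg:pypi/libfoo@1.2.0":  {"contributors": 14, "jurisdiction": "US"},
    "pkg:pypi/barlib@0.9.1":  {"contributors": 1,  "jurisdiction": "DE"},
    "pkg:pypi/bazutil@3.0.0": {"contributors": 6,  "jurisdiction": "XX"},
}


def load_components(sbom_json):
    """Return the component list from a CycloneDX JSON document."""
    return json.loads(sbom_json).get("components", [])


def assess_components(sbom_json, metadata, watched_jurisdictions):
    """Join each SBOM component to external metadata and return [(purl, findings)].
    A component with no metadata is reported explicitly: an unmapped dependency is
    itself a transparency gap, so it must not be silently skipped."""
    report = []
    for comp in load_components(sbom_json):
        purl = comp.get("purl")
        findings = []
        meta = metadata.get(purl)
        if meta is None:
            findings.append("no external metadata")
        else:
            if meta["contributors"] <= 1:
                findings.append("single-contributor project")
            if meta["jurisdiction"] in watched_jurisdictions:
                findings.append(f"jurisdiction {meta['jurisdiction']} is on watch list")
        report.append((purl, findings))
    return report


if __name__ == "__main__":
    for purl, findings in assess_components(SBOM_JSON, COMPONENT_METADATA, {"XX"}):
        print(purl, "->", "; ".join(findings) or "no findings")
```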
This paper focuses on the benefits of adopting and using an SBOM to increase software transparency, resulting in increased software component trustworthiness and overall cybersecurity.