The Growing Importance of the SBOM Movement
As organizations develop new and more complex software, the software development space has garnered more government attention. The SBOM, or Software Bill of Materials, has emerged as an integral part of software development and supply chain management best practices.
The evolving software supply chain ecosystem is a big topic with more than a few moving parts. Here's a deeper dive into LTAPod #4, where we explore SBOMs and how they can make software more secure by helping software companies manage risk with greater ease.
The rising importance of SBOM
“Use of SBOMs has picked up dramatically in the last six months.”
From an infrastructure point of view, a "Bill of Materials" is an inventory that lists and explains every component used in the building process. Sales teams use these documents to present their products to customers, as a template of the materials that will go into the solution the business needs.
SBOMs work the same way for software, and they are gaining popularity as more companies look to consolidate their dependency data into a single inventory that gives greater visibility into a software product's composition.
A way to assess the risks of third-party services in development
For Mark, SBOMs are all about the software that is being consumed in the development process, be it a third-party service or an external dependency. Because developers usually do not have access to a third-party service's source code, they must assess its risk by ingesting the bill of materials that the software provider publishes. From there, vulnerable components can be detected and remediated far more easily.
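To make that ingestion step concrete, here is an added example (not code from the podcast or from any vendor mentioned) that parses a minimal CycloneDX-style SBOM and flags components whose version is older than the first fixed version in an advisory list. The SBOM contents, package names, versions and advisory ids are all constructed placeholders, and the JSON shape is assumed to follow the CycloneDX components array.

```python
import json
import re

# Constructed minimal CycloneDX-style SBOM; package names and versions are made up.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "acme-http-client", "version": "1.4.2",
     "purl": "pkg:npm/acme-http-client@1.4.2"},
    {"type": "library", "name": "acme-parser", "version": "0.9.0",
     "purl": "pkg:pypi/acme-parser@0.9.0"},
    {"type": "library", "name": "acme-logger", "version": "2.1.0",
     "purl": "pkg:maven/com.example/acme-logger@2.1.0"}
  ]
}
"""

# Constructed advisory feed keyed by version-less purl: (placeholder advisory id, first fixed version).
ADVISORIES = {
    "pkg:npm/acme-http-client": ("ADV-PLACEHOLDER-1", "1.5.0"),
    "pkg:maven/com.example/acme-logger": ("ADV-PLACEHOLDER-2", "2.0.0"),
}

def parse_version(v):
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def load_components(sbom_text):
    """Return (purl without version, version) for every component in the SBOM."""
    doc = json.loads(sbom_text)
    found = []
    for comp in doc.get("components", []):
        purl = comp.get("purl", "")
        base = purl.split("@", 1)[0]          # drop the '@version' suffix, if any
        found.append((base, comp.get("version", "")))
    return found

def find_affected(sbom_text, advisories):
    """List (purl, version, advisory id, fixed version) for components older than the fix."""
    hits = []
    for base, version in load_components(sbom_text):
        if base in advisories:
            adv_id, fixed = advisories[base]
            if parse_version(version) < parse_version(fixed):
                hits.append((base, version, adv_id, fixed))
    return hits
```

Calling `find_affected(SBOM_JSON, ADVISORIES)` returns only the `acme-http-client` entry, since `acme-logger` is already at or above its fixed version and `acme-parser` has no advisory; a real pipeline would swap the constructed feed for a vulnerability database keyed by purl.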
Gaining more visibility into commercial tools used by companies in-house
Most companies use commercial, off-the-shelf tools to manage their internal processes, such as Salesforce or HubSpot for marketing, or Cerner's products for healthcare. With the majority of companies relying on these tools for their day-to-day operations, there needs to be visibility into how they are built. So, while SBOMs may currently be nascent, they will likely become a very important part of the sales process going forward, and eventually of the implementation phase, with more buyers requesting SBOMs so they can comply with regulations and better manage their third-party risk.
SBOM: An integral part of the software development landscape going forward
“When you have the government talking about how we need to be focused on SBOMs, it has larger repercussions on what we do day-to-day.”
As more companies come to rely on different software for their operations, government regulations are on the horizon, and government task forces are hot on the case. US policy makers have emphasized the importance of SBOMs in a world where digitalization and software applications have a tangible impact on the physical world, most crucially in infrastructure and industry. Moving forward, the SBOM is bound to become a standard software development, implementation and sales practice for all modern organizations.
To hear more of our thoughts on the SBOM movement, tune in to the full conversation between Mark and me in this episode of Let's Talk AppSecOps.