The state of software bill of materials: SBOM growth could bolster software supply chains


February 3, 2022

A new report from the Linux Foundation shines a light on the progress and adoption of software bill of materials (SBOMs), at a time when private and public bodies alike are striving to expedite the responses to newly-discovered vulnerabilities.

An SBOM is machine-readable metadata that provides the full list of “ingredients” contained in an application, detailing every proprietary and open source library, module, and API it includes. Crucially, it should also record the relationships among those components and dependencies. With this inventory in place, it is easier to track and trace components through the software supply chain and to identify which products are exposed when a vulnerability is found in one of them.
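To make the “track and trace” idea concrete, here is an added example (not code from the report or from the Linux Foundation) that reads a small SPDX-style JSON SBOM, rebuilds the dependency graph from its DEPENDS_ON relationships, and lists every path from the application the document describes down to a named component. The SBOM, the application “webshop” and the libraries in it are constructed for illustration; the field names (`packages`, `relationships`, `spdxElementId`, `relationshipType`, `relatedSpdxElement`) follow the SPDX JSON layout.

```python
import json
from collections import defaultdict

# Constructed sample (not from the report): a minimal SPDX 2.3 JSON-style SBOM
# for a hypothetical application "webshop" and three hypothetical libraries.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "webshop-sbom",
    "packages": [
        {"SPDXID": "SPDXRef-webshop", "name": "webshop", "versionInfo": "1.4.0"},
        {"SPDXID": "SPDXRef-httpclient", "name": "httpclient", "versionInfo": "2.1.0"},
        {"SPDXID": "SPDXRef-jsonlib", "name": "jsonlib", "versionInfo": "0.9.3"},
        {"SPDXID": "SPDXRef-loglib", "name": "loglib", "versionInfo": "3.0.1"},
    ],
    "relationships": [
        {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES",
         "relatedSpdxElement": "SPDXRef-webshop"},
        {"spdxElementId": "SPDXRef-webshop", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-httpclient"},
        {"spdxElementId": "SPDXRef-webshop", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-loglib"},
        {"spdxElementId": "SPDXRef-httpclient", "relationshipType": "DEPENDS_ON",
         "relatedSpdxElement": "SPDXRef-jsonlib"},
    ],
})


def load_sbom(text):
    """Parse an SPDX JSON document into (packages by SPDXID, root IDs, DEPENDS_ON graph)."""
    doc = json.loads(text)
    packages = {p["SPDXID"]: p for p in doc.get("packages", [])}
    roots = []                      # packages the document itself DESCRIBES
    deps = defaultdict(set)         # SPDXID -> set of SPDXIDs it depends on
    for rel in doc.get("relationships", []):
        kind = rel["relationshipType"]
        if kind == "DESCRIBES" and rel["spdxElementId"] == doc["SPDXID"]:
            roots.append(rel["relatedSpdxElement"])
        elif kind == "DEPENDS_ON":
            deps[rel["spdxElementId"]].add(rel["relatedSpdxElement"])
    return packages, roots, deps


def label(packages, spdx_id):
    """Human-readable name@version for a package ID."""
    p = packages[spdx_id]
    return f"{p['name']}@{p.get('versionInfo', '?')}"


def trace_component(text, name, version=None):
    """Return every dependency path from a described root package to a package
    matching `name` (and `version`, if given). An empty list means the component
    does not appear in this SBOM's dependency graph, so the product is not exposed
    through it."""
    packages, roots, deps = load_sbom(text)
    targets = {
        pid for pid, p in packages.items()
        if p["name"] == name and (version is None or p.get("versionInfo") == version)
    }
    paths = []

    def walk(node, path):
        if node in targets:
            paths.append([label(packages, n) for n in path])
            return
        for child in sorted(deps.get(node, ())):
            if child not in path:   # guard against cyclic relationships
                walk(child, path + [child])

    for root in roots:
        walk(root, [root])
    return paths


if __name__ == "__main__":
    # Which shipped product reaches the (hypothetical) affected library, and how?
    for path in trace_component(SAMPLE_SBOM, "jsonlib", "0.9.3"):
        print(" -> ".join(path))
```

The same traversal works for any SBOM that records DEPENDS_ON relationships; the value of the inventory is exactly that a newly published advisory can be turned into a list of affected products and the dependency chains that pull the component in, rather than a manual search through build files.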

While SBOMs are far from the whole solution for software supply chain security, they go some way toward bringing more visibility to the mix.

The Software Bill of Materials (SBOM) and Cybersecurity Readiness report was produced by the Linux Foundation in partnership with the Open Source Security Foundation (OpenSSF), OpenChain, and the Software Package Data Exchange (SPDX). It is touted as the “first in a series of research projects” that strives to “understand the challenges and opportunities for securing software supply chains.”

The report found that 82% of those surveyed are familiar with the term SBOM, while 76% have at least some degree of SBOM “readiness.” And while just 47% were actively using (producing or consuming) SBOMs in 2021, this figure is predicted to rise to 78% in 2022 and nearly 90% by the year after.
