Software bills of materials (or SBOMs) have been all over the news this year. Here’s a quick refresher on how that came to pass:
Last year, the White House issued cybersecurity executive order 14028 in response to rising software supply chain attacks. The executive order stated that the National Institute of Standards and Technology (NIST) would issue guidance on the practices organizations need to follow to secure the software supply chain, one of which is providing a software bill of materials (SBOM) for any software product sold to the US government.
In September of this year, the U.S. government’s Office of Management and Budget (OMB) released memorandum M-22-18, which specified that agencies may require a software bill of materials (SBOM) from third-party providers, “based on the criticality of the software.”
SBOMs are considered one of the first steps toward gaining insight into the open source an organization is using. However, SBOMs are only the beginning. Once you have your SBOM with its lists of transitive dependencies, what comes next?
Join us Tuesday, Nov. 15 at 3 p.m. ET for a fireside chat in which Tidelift CEO and co-founder Donald Fischer sits down with Andy Ellis, former Chief Security Officer at Akamai turned startup advisor and investor. Together they’ll discuss the true consequences of SBOMs: once you generate an SBOM, what are you going to do with it? They’ll also discuss ways to truly make your software more secure.
You can register for the webinar here and join us on Tuesday, November 15 at 3 p.m. ET / 12 p.m. PT.