CISA provides community-led guidance on SBOM sharing roles, responsibilities through working group paper

The Cybersecurity and Infrastructure Security Agency has published a white paper on how specific members of the software community should approach sharing a Software Bill of Materials, as part of the agency’s community-led efforts to tackle challenges in the software transparency space.

The paper offers a definition for a new “distributor” role in the SBOM sharing process and was developed by the SBOM sharing and exchanging community group facilitated by CISA.

The working group identifies in the white paper...