Open source groups identify areas for refinement in CISA update to SBOM minimum elements report

Stakeholders in the open source community are providing advice on areas where more clarification would be helpful in a proposed update to a Software Bill of Materials minimum elements guide developed by the Cybersecurity and Infrastructure Security, in filings submitted in response to a request for information.

“The report (2025 Minimum Elements for a Software Bill of Materials (SBOM)) appropriately requires new SBOMs for each software version and when new component details are discovered. However, it should address the reality...