Software industry leader BSA raises cautionary notes on codifying use of SBOMs

Policymakers should slow the “rush to codify” a requirement for vendors to produce a Software Bill of Materials, according to BSA-The Software Alliance, which says SBOMs can be a useful tool for improving supply chain cybersecurity but won’t provide “a silver bullet” and still need more work before they are mandated in contracts.

“Too many policymakers incorrectly assume that 1) SBOMs and supporting materials are ready for use, if policymakers incentivize a vendor to provide one; 2) organizations, including US...