March 29, 2024
Daily News
Cyber Safety Review Board report proposes additional work to make ‘SBOM’ functional
The inaugural report from a public-private board tasked with reviewing the Log4j vulnerability found that more work is needed to make Software Bills of Materials useful for software supply chain incident response.
“Software Bills of Materials (SBOMs) provide a list of components included in software, and theoretically should enable organizations to identify vulnerable software components in their environments. The Board spoke with representative groups for organizations currently using SBOMs in their environments, and none reported having leveraged them to identify vulnerable...