Chuck Brooks, a GovCon Expert and president of Brooks Consulting International, said public and private sector organizations can use a software bill of materials as a tool for cybersecurity risk management to help secure supply chains.
“SBOMs can allow for discovery and mitigation of software security risks early in the production cycle,” Brooks wrote in a guest piece published Monday on Forbes.
“By identification and attestation of software package components up front, SBOM can help assess unknown risks, and transition them to known risks,” he added.
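To make the "unknown risks to known risks" point concrete, the following is an added example, not code from Brooks's piece or from any SBOM tool. It reads a small SBOM in the CycloneDX JSON layout, matches each listed component against an advisory feed, and separates the result into risks that are now known, components that are clean, and components the SBOM does not describe well enough to assess. The SBOM document, the component names and versions, and the advisory identifiers are all constructed for this illustration.

```python
"""Added example: turning an SBOM component list into a list of known
risks by matching it against an advisory feed.  The SBOM, the package
names/versions and the advisory IDs are constructed for illustration;
they are not real products or real vulnerabilities."""
import json

# Constructed SBOM in the CycloneDX JSON layout (assumed shape: top-level
# "components" list whose entries carry name/version/purl fields).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"timestamp": "2021-11-01T12:00:00Z",
               "component": {"name": "acme-portal", "version": "2.3.0"}},
  "components": [
    {"type": "library", "name": "acme-http-client", "version": "1.3.7",
     "purl": "pkg:maven/com.example/acme-http-client@1.3.7"},
    {"type": "library", "name": "fastjsonlib", "version": "3.2.0",
     "purl": "pkg:maven/com.example/fastjsonlib@3.2.0"},
    {"type": "library", "name": "tinycrypt-rs", "version": "0.2.5",
     "purl": "pkg:cargo/tinycrypt-rs@0.2.5"},
    {"type": "library", "name": "vendor-blob"}
  ]
}
"""

# Constructed advisory feed (hypothetical IDs, not real CVEs).  Ranges use
# the OSV-style convention: a version is affected if introduced <= v < fixed.
ADVISORIES = [
    {"id": "ADV-2021-0001", "package": "acme-http-client",
     "introduced": "1.0.0", "fixed": "1.4.2",
     "summary": "header injection in redirect handling"},
    {"id": "ADV-2021-0002", "package": "fastjsonlib",
     "introduced": "3.0.0", "fixed": "3.2.0",
     "summary": "unsafe deserialisation of typed objects"},
    {"id": "ADV-2021-0003", "package": "tinycrypt-rs",
     "introduced": "0.1.0", "fixed": "0.3.0",
     "summary": "timing leak in MAC comparison"},
]


def parse_version(v):
    """Turn '1.4.2' into (1, 4, 2) so versions compare numerically.
    A trailing non-numeric suffix such as '-rc1' is cut off.  That is
    adequate for the constructed data here; a real tool should compare
    versions with an ecosystem-aware comparator keyed on the purl type."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(version, advisory):
    """True if version falls in [introduced, fixed) for this advisory."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def load_components(sbom_text):
    """Return the component entries of a CycloneDX-style SBOM document."""
    return json.loads(sbom_text).get("components", [])


def assess(sbom_text, advisories):
    """Split the SBOM into known risks (a component matched an advisory),
    clean components, and components that cannot be assessed because the
    SBOM lacks the name or version needed to identify them.  That last
    bucket is the residual 'unknown risk' an incomplete SBOM leaves behind."""
    known, clean, unidentified = [], [], []
    for comp in load_components(sbom_text):
        name, version = comp.get("name"), comp.get("version")
        if not name or not version:
            unidentified.append(comp)
            continue
        hits = [a["id"] for a in advisories
                if a["package"] == name and is_affected(version, a)]
        if hits:
            known.append({"name": name, "version": version, "advisories": hits})
        else:
            clean.append(name)
    return {"known_risks": known, "clean": clean, "unidentified": unidentified}


if __name__ == "__main__":
    print(json.dumps(assess(SBOM_JSON, ADVISORIES), indent=2))
```

Run as-is, the constructed SBOM yields two known risks (acme-http-client and tinycrypt-rs), one clean component (fastjsonlib, which is already at its fixed version), and one component (vendor-blob) that the SBOM lists without a version and which therefore cannot be matched at all. That third bucket is the part worth watching in practice: an SBOM only converts unknown risk into known risk for the components it identifies precisely.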
He cited several government efforts aimed at advancing the use of SBOMs. These include the National Telecommunications and Information Administration’s request for public comments on minimum elements of an SBOM and the House’s decision to pass the DHS Software Supply Chain Risk Management Act of 2021 in October.
Brooks also outlined areas where SBOMs can strengthen an organization's cybersecurity posture, and the potential benefits of SBOMs to both software suppliers and consumers.
“It is still early in the cycle of SBOM adaptation but more transparency and accountability for software security and optimization is a good thing for both the public and private sectors,” he wrote.