[CDP-development] CISA Releases Software Bill of Materials (SBOM) Sharing Lifecycle Report
Masse, Theresa
theresa.masse at cisa.dhs.gov
Mon Apr 17 15:03:29 PDT 2023
FYSA
Today, CISA released the Software Bill of Materials (SBOM) Sharing Lifecycle Report <https://www.cisa.gov/resources-tools/resources/software-bill-materials-sbom-sharing-lifecycle-report>. Co-sponsored with the U.S. Department of Energy (DOE) Cybersecurity, Energy Security, and Emergency Response (CESER), the report highlights the currently used solutions for sharing SBOMs and assists readers in considering appropriate solutions depending on their needs concerning the discovery, access, and transport of SBOMs.
An SBOM is a key building block in software security and software supply chain risk management. As SBOM adoption efforts mature, and SBOM sharing continues to occur, no single solution or set of solutions has become ubiquitous. The SBOM sharing lifecycle consists of the Discovery, Access, and Transport of an SBOM, and this report details these individual phases and how an SBOM goes from author (the individual(s) who create an SBOM) to the consumer (the individual(s) who receive the SBOM, such as third parties, authors, integrators, and end users).
Interoperability between existing and future solutions should be a priority to avoid a variety of SBOM sharing solutions being created that cannot cooperate in the larger supply chain. This report also highlights SBOM sharing survey results obtained from interviews with stakeholders to understand the current SBOM sharing landscape.
Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov