Supply Chain World Volume 10, Issue 2 | Page 14

Hungry for SBOM?

Exploring the software equivalent of an ingredients list

By Tim Mackey

A foundational element of application security is understanding the components that make up the software that powers your business. After all, you can't work to secure something you don't know you're using.

That is where the value of a software Bill of Materials (SBOM) comes in. An SBOM is an inventory of all the libraries, components and dependencies that make up a software application. You can think of it as similar to the ingredients list on any packaged food product. Say, for instance, you buy a mass-produced cheesecake from your local supermarket.
You might expect to see soft cheese, graham cracker crumbs, butter and sugar on the ingredients list; dig a little deeper, though, and you will find that some ingredients have their own list of ingredients too. In this case, graham crackers introduce flour, honey, salt, soy lecithin, soybean oil, artificial flavoring and so on, into the mix.
Now imagine we learn that one of these ingredients, say the flour used in the graham crackers, had been contaminated. To protect the public a recall should be issued, but to do so first requires knowing there is a contamination, what the source
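As an added illustration that is not part of the article, here is the nested ingredients list expressed as a small CycloneDX-style SBOM, with one helper that flattens it into the full transitive inventory and another that traces every dependency chain leading to a flagged ingredient such as the flour. The document, its component names and its bom-refs are constructed placeholders, not a real vendor SBOM.

```python
import json
# Constructed CycloneDX-style SBOM for the cheesecake analogy. The bom-refs
# and names are placeholders, not a real vendor document.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "cheesecake", "name": "cheesecake"}},
  "components": [
    {"bom-ref": "soft-cheese", "name": "soft cheese"},
    {"bom-ref": "graham-crackers", "name": "graham crackers"},
    {"bom-ref": "flour", "name": "flour"}
  ],
  "dependencies": [
    {"ref": "cheesecake", "dependsOn": ["soft-cheese", "graham-crackers"]},
    {"ref": "graham-crackers", "dependsOn": ["flour"]}
  ]
}"""

def load_graph(sbom_json):
    """Return (root bom-ref, {ref: [direct dependency refs]})."""
    doc = json.loads(sbom_json)
    graph = {}
    for entry in doc.get("dependencies", []):
        graph.setdefault(entry["ref"], []).extend(entry.get("dependsOn", []))
    return doc["metadata"]["component"]["bom-ref"], graph

def full_inventory(sbom_json):
    """Every component the root transitively contains: the flattened ingredients list."""
    root, graph = load_graph(sbom_json)
    seen, stack = set(), [root]
    while stack:
        for dep in graph.get(stack.pop(), []):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return sorted(seen)

def paths_to(sbom_json, flagged_ref):
    """Every dependency chain from the root to a flagged ('recalled') component."""
    root, graph = load_graph(sbom_json)
    found = []
    def walk(ref, path):
        if ref == flagged_ref:
            found.append(path)
            return
        for dep in graph.get(ref, []):
            if dep not in path:  # skip cycles in a malformed SBOM
                walk(dep, path + [dep])
    walk(root, [root])
    return found
```

An empty result from `paths_to` means the SBOM records no exposure to that component, which is exactly the question a recall has to answer for each product.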