The Cybersecurity and Infrastructure Security Agency has released a report outlining and describing the various parties and phases of the Software Bill of Materials sharing lifecycle.
Intended to assist users in executing each phase of the SBOM sharing lifecycle, the SBOM Sharing Lifecycle Report helps them choose sharing platforms based on their resources, effort, subject matter expertise and access to tooling, CISA said Monday.
The document details the Discovery, Access and Transport phases of an SBOM and how an SBOM transitions from the author to the consumer.
The CISA report outlines how potential enrichment activities may be carried out on an SBOM, before or after it has been shared, to develop a new product, and recommends that the SBOM community facilitate SBOM sharing and adoption by considering efforts to make existing and future sharing platforms interoperable with each other.
The agency said the document is intended to help readers understand the current landscape by highlighting results of an SBOM sharing survey gathered through interviews with stakeholders.
It “captures industry efforts to create private sharing solutions and services that can store and transport enrichment data and may use higher sophistication features that are cloud-based or use distributed ledger technologies,” per the executive summary.