The National Security Agency and the Cybersecurity and Infrastructure Security Agency have led the publication of guidance to help participants in the software supply chain manage their software bill of materials (SBOM).
The new cybersecurity technical report was produced by the Software Supply Chain Working Group of the public-private Enduring Security Framework, which is overseen by the two security agencies, NSA said Thursday.
The document covers best practices for operationalizing and scaling the use of SBOMs, supply chain risk scoring, and the automated sharing and exchange of SBOMs. It is intended to improve communication among cybersecurity teams at every level of an organization and to strengthen software resilience from development through end use.
“Fundamentally, SBOM provides critical software transparency for improved patch and vulnerability management for customers as well as potentially mitigate supply chain risks,” said Jorge Laurel, chief of NSA’s Enduring Security Framework.