The National Security Agency and the Cybersecurity and Infrastructure Security Agency led the release of guidance to help global players software supply chain manage their bill of materials.
The new technical report on cybersecurity was prepared by the public-private Enduring Security Framework Software Supply Chain Working Group, which is overseen by the security agencies, NSA said Thursday.
The document provides best practices for operationalizing and scaling the use of software BOMs, supply chain risk scoring, and automated sharing and exchange of SBOMs. It is expected to improve communication within the hierarchy of cybersecurity teams to increase software resilience from development to end use.
“Essentially, SBOM provides critical software transparency for improved patch and vulnerability management for customers and to potentially mitigate supply chain risk,” said Jorge Laurelhead of the NSA’s Enduring Security Framework.