« Previous 1 2 3

Security and automation with SBOMs

Unboxing

Conclusions

SBOMs are an important strategy whose implementation is mandated by regulatory requirements. However, they also offer great potential for improving processes for secure software development and increasing cyber resilience, in particular through automation in conjunction with the tools presented here, such as IT asset management, patch management, and others. The regulatory requirements alone force companies to act and do not just apply to software companies, but to all areas in which software is part of a product – for example, the firmware. Companies need to address SBOM and its implications now and should leverage its potential to optimize processes and improve integration between software development and cybersecurity.

Infos

US Executive Order on Improving the Nation's Cybersecurity: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
EU Cyber Resilience Act: https://www.europarl.europa.eu/doceo/document/TA-9-2024-0130_EN.html#title2
CISA on SBOM: https://www.cisa.gov/sbom
NTIA minimum elements for an SBOM: https://www.ntia.doc.gov/files/ntia/publications/sbom_minimum_elements_report.pdf
OWASP CycloneDX: https://cyclonedx.org
ISO/IEC 5230:2020: https://www.iso.org/standard/81039.html
ISO/IEC 5962:2021: https://www.iso.org/standard/81870.html

The Author

Martin Kuppinger is the founder of and Principal Analyst at KuppingerCole Analysts AG.

« Previous 1 2 3

Buy this article as PDF

Express-Checkout as PDF

Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES

SUBSCRIPTIONS

Print Subs

Digisubs

TABLET & SMARTPHONE APPS

US / Canada

UK / Australia

Related content

How to Use an SBOM

more »
Synopsys Report Shows "Alarming" Increase in High-Risk Vulnerabilities

more »
Trivy security scanner
The Trivy open source tool provides information on container and software security.

more »
Exploring the AlmaLinux Build System
The AlmaLinux Build System lets you build, test, sign, and release packages from a single interface.

more »
SPDX Version 3 Released

more »

comments powered by Disqus

Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs

Most Popular

Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
</a>

<hr>
</div>
</div>

<div class=