Lead Image © Tjefferson, Fotolia.com

Lead Image © Tjefferson, Fotolia.com

Security and automation with SBOMs

Unboxing

Article from ADMIN 81/2024
By
Already mandatory in the United States and recently approved in Europe thanks to new legislation, a software bill of materials provides information about software components, enabling IT managers to respond better to attacks and vulnerabilities.

In recent years, the software supply chains at SolarWinds and Kaseya, among others, have been targeted, along with identified vulnerabilities in widely used open source libraries, including Heartbleed in 2014, a vulnerability in OpenSSL, and Log4j in 2021. In both cases, innumerable systems were affected.

Back in May 2021, the United States introduced an obligation to provide a software bill of materials (SBOM) in a Presidential Executive Order on Improving the Nation's Cybersecurity [1]. The European Parliament recently adopted (March 2024) the Cyber Resilience Act (CRA), which also calls for an SBOM [2].

The need for action by all companies that produce and distribute software as a standalone product or as part of products such as electrical appliances or machines is real. At the same time, the SBOM offers every company the opportunity to better understand and manage the attack surface and respond more quickly to threats.

Software Bill of Materials

The vast majority of modern software is no longer coded from scratch and then compiled; rather, it makes extensive use of standard libraries such as those already mentioned or frameworks such as OpenSSL or Log4j, which provide functions such as SSL/TLS encryption or logging. A very large proportion of these libraries are open source and freely available. In addition to the basic libraries, other services are also used in software, whether in technical goods, as standalone applications, or in the form of cloud services. For cloud applications in particular, these are typically platforms as a service (PaaS), from databases to artificial intelligence (AI).

Today's reality is characterized by complex, multilayered software from a variety of sources, which creates the challenge, thus far difficult to understand, as to what

...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus