Try GOLD - Free
Want to Prevent a Cyber Attack? Prepare a Software Bill of Materials
Open Source For You
|April 2023
A Software Bill of Materials (SBOM) lists all the open source and third-party components present in a codebase, and has been mandated in the US. It helps make software transparent and less vulnerable to attacks.
Open source software security is always in the spotlight. Every time there is a cyber attack, a lot of time and effort is required to detect not just when, where and how it occurred, but also to measure the real impact on the applications and services that are running in digital environments. Recent cyber-attacks have highlighted the general lack of knowledge about code dependencies and attacks on the software supply chain.
A Software Bill of Materials (SBOM) helps organisations to meet new domestic and international cyber security requirement laws. Supply chains point out the relationships between the various components used in building software. These components include libraries and modules. They can be open source or proprietary, and free or paid.
Why are SBOMs needed?
An SBOM is a list of all the open source and thirdparty components present in a codebase. It also lists the licences that govern those components, the versions of the components used in the codebase, and their patch status. This helps security teams to quickly identify any associated security or licence risks.
An SBOM provides a machine readable list of components of the software and its dependencies. As it has become a key component for cloud security for private and government organisations, it is estimated that 88 per cent of organisations will use SBOMs by the end of 2023.
Similarly, smart organisations that build software maintain an accurate, up-to-date SBOM, which includes an inventory of third-party and open source components to ensure that their code is of high quality, compliant, and secure.
SBOMs and cyber security
This story is from the April 2023 edition of Open Source For You.
Subscribe to Magzter GOLD to access thousands of curated premium stories, and 9,500+ magazines and newspapers.
Already a subscriber? Sign In
MORE STORIES FROM Open Source For You
Open Source For You
A Simple System that Uses Duplicati for Backing Up Data
The open source based data backup system outlined here can be really useful for a small office home office setup. Learn how to set up Duplicati on Windows, back up data to a Linux server, schedule daily backups, secure them with encryption, restore files when needed, and receive email notifications.
9 mins
August 2025
Open Source For You
Lisp for Robotics: Implementing Graph Traversal
Created in 1959 by John McCarthy, Lisp is a programming language designed to manipulate symbolic data easily, which is a key characteristic of AI. This language is still used for prototyping and to demonstrate different AI concepts. Here's a short tutorial on how it can help to implement three graph traversal algorithms.
5 mins
August 2025
Open Source For You
LibreOffice 25.2.5 is stable and reliable after 63 bug fixes
The Document Foundation has officially released LibreOffice 25.2.5, the fifth maintenance update in the LibreOffice 25.2 series.
1 min
August 2025
Open Source For You
The Evolution of PostgreSQL in the Age of AI
PostgreSQL, enhanced with the pgvector extension, brings semantic search capabilities into a traditional SQL environment. With support for both structured queries and Al-driven search, pgvector enables developers to build intelligent, cost-effective applications within a familiar ecosystem, positioning PostgreSQL as a future-ready, Al-native database. Let's learn more....
5 mins
August 2025
Open Source For You
Calico: Open source platform for Kubernetes networking, security, and observability is in version 3.30
Calico is an open source, unified platform that integrates networking, security, and observability for Kubernetes environments—whether deployed in the cloud, on-premises, or at the edge.
1 min
August 2025
Open Source For You
Red Hat launches RHEL for Business Developers
Red Hat has announced Red Hat Enterprise Linux for Business Developers, a new self-service offering aimed at simplifying access to its flagship enterprise Linux platform for development and testing.
1 min
August 2025
Open Source For You
Data Governance in the Digital Era: An Overview
Data governance plays a critical role in ensuring effective data management in an organisation. Businesses who invest in it are at a definite advantage over those who don't.
7 mins
August 2025
Open Source For You
Shape the Success of Your Business with Smart Data Management and Security Practices
In today's world, data is a company's best asset, if used well. Also, data management and data security are no longer merely good business practices - they are critical to the success of an organisation.
6 mins
August 2025
Open Source For You
Wireshark 4.4.8 comes with updated protocol support and key bug fixes
The Wireshark team has announced the release of Wireshark 4.4.8, the eighth maintenance update in the 4.4 stable series of the world's most popular open source network protocol analyser.
1 min
August 2025
Open Source For You
HealSphere: An Open Source-Based Mental Health Support Platform
This real-world CI/CD implementation has been developed using open source tools to deploy a modular mental health support platform.
11 mins
August 2025
Translate
Change font size