Intentar ORO - Gratis
Want to Prevent a Cyber Attack? Prepare a Software Bill of Materials
Open Source For You
|April 2023
A Software Bill of Materials (SBOM) lists all the open source and third-party components present in a codebase, and has been mandated in the US. It helps make software transparent and less vulnerable to attacks.
Open source software security is always in the spotlight. Every time there is a cyber attack, a lot of time and effort is required to detect not just when, where and how it occurred, but also to measure the real impact on the applications and services that are running in digital environments. Recent cyber-attacks have highlighted the general lack of knowledge about code dependencies and attacks on the software supply chain.
A Software Bill of Materials (SBOM) helps organisations to meet new domestic and international cyber security requirement laws. Supply chains point out the relationships between the various components used in building software. These components include libraries and modules. They can be open source or proprietary, and free or paid.
Why are SBOMs needed?
An SBOM is a list of all the open source and thirdparty components present in a codebase. It also lists the licences that govern those components, the versions of the components used in the codebase, and their patch status. This helps security teams to quickly identify any associated security or licence risks.
An SBOM provides a machine readable list of components of the software and its dependencies. As it has become a key component for cloud security for private and government organisations, it is estimated that 88 per cent of organisations will use SBOMs by the end of 2023.
Similarly, smart organisations that build software maintain an accurate, up-to-date SBOM, which includes an inventory of third-party and open source components to ensure that their code is of high quality, compliant, and secure.
SBOMs and cyber security
Esta historia es de la edición April 2023 de Open Source For You.
Suscríbete a Magzter GOLD para acceder a miles de historias premium seleccionadas y a más de 9000 revistas y periódicos.
¿Ya eres suscriptor? Iniciar sesión
MÁS HISTORIAS DE Open Source For You
Open Source For You
The Role of Open Source in Building Modern Data Infrastructure
It's no secret that open source is emerging as the backbone of modern data infrastructure. Here’s a list of the core open source technologies used to deploy this infrastructure, along with some real-world examples and a brief on why open source matters.
3 mins
December 2025
Open Source For You
The Whispering Machines: How Open Source is Bringing Intelligence to the Tiniest Devices
Built on open source frameworks, TinyML is enabling complex machine learning models to run on the microcontrollers embedded in connected devices, bringing artificial intelligence to the very edge of the network.
3 mins
December 2025
Open Source For You
Setting Up Snort to Secure Your Network
Snort is a popular, open source intrusion detection system that monitors traffic in real time to detect malware. Here’s a detailed explanation of how to set it up on Ubuntu and test it by generating traffic from another system.
7 mins
December 2025
Open Source For You
When AI Meets DevOps to Build Self-Healing Systems
Traditional DevOps, with its rule-based automation, is struggling to work effectively in today’s complex tech world. But when combined with AlOps, it can lead to IT systems that predict failures and solve issues without human intervention.
7 mins
December 2025
Open Source For You
How to Automate Java Code Modernisation
This short guide illustrates that automating Java code modernisation with Python and OpenAI API is not just possible-it's remarkably effective.
5 mins
December 2025
Open Source For You
The Quest to Build a Quantum Computer
The road to large-scale quantum computing is long and hard, with incremental advances paving the way. But the destination is in sight.
12 mins
December 2025
Open Source For You
Job Opportunities: What's Hot in the Cloud Space?
If there's one field that refuses to slow down, it's cloud computing. Even as automation and AI reshape roles, cloud adoption continues to surge. From startups deploying microservices overnight to enterprises migrating decades of legacy systems, cloud remains the engine of digital transformation. For professionals, this means one thing: skills that live in the cloud won't come down anytime soon.
2 mins
December 2025
Open Source For You
Securing Client Identity with Post-Quantum Cryptography
Here's a quick tutorial on how to build a secure, real world client-server model that establishes client identity by using CRYSTALS-Dilithium, a post-quantum cryptography algorithm.
3 mins
December 2025
Open Source For You
Unlocking the Power of Multi-Agent Solutions with the Microsoft Agentic Framework
The Microsoft Agentic Framework is rapidly emerging as a cornerstone for developers, architects, and technology leaders seeking to build dynamic, intelligent systems powered by multiple collaborating agents. In an era where automation, distributed intelligence, and adaptive software are increasingly vital, this framework offers robust tools and features to accelerate the design and deployment of agent-based solutions.
6 mins
December 2025
Open Source For You
Apache Iceberg and Trino: Powering Data Lakehouse Architecture
Apache Iceberg is a cornerstone of any open data lakehouse, providing the transactional foundation upon which highly scalable and flexible analytics can flourish. Along with Trino, it can be used to build a robust, scalable, and high-performance data lakehouse.
4 mins
December 2025
Translate
Change font size