The US cybersecurity agency CISA, the NSA, and the Office of the Director of National Intelligence (ODNI) have issued new guidance for software vendors and suppliers to enhance the security of the software supply chain. This document helps organizations assess their security practices throughout the software development lifecycle, including the management of open source software (OSS) and software bills of materials (SBOM). It offers recommendations applicable across various stages of the software supply chain. The guidance emphasizes the importance of SBOMs in software security and supply chain risk management, as they provide information about the software’s composition, compliance, and update status, helping reduce the exposure window for vulnerabilities. Automated SBOM processing and analysis are key to fully utilizing SBOMs in procurement, asset management, vulnerability management, and supply chain risk management workflows.
Read more: https://www.securityweek.com/us-government-issues-guidance-on-sbom-consumption/