Software Bill of Materials (NIST). Bills of materials (BOMs) are a long-standing tool in hardware design; a software bill of materials applies the same idea to software so that a consumer can tell whether a program includes outdated libraries with known vulnerabilities. An SBOM is effectively a nested inventory: a list of the components, and of the components of those components, that make up a piece of software.
The NTIA's Framing Software Component Transparency document also defines an SBOM and the roles around it; in its terminology, the Supplier is the entity that creates SBOMs. For published, stakeholder-drafted consensus documents on SBOM, see ntia.gov/SBOM.
This site features information and resources for the ongoing Software Component Transparency effort around the Software Bill of Materials (SBOM).
The grass-roots effort. The executive order (EO 14028, Improving the Nation's Cybersecurity) defines the term in section 10(j): "the term 'Software Bill of Materials' or 'SBOM' means a formal record containing the details and supply chain relationships of various components used in building software." The executive order directs the National Institute of Standards and Technology (NIST) to develop guidelines for secure software development; all commercial software suppliers to the federal government will have to comply with them, and they are likely to become a standard that others adopt voluntarily. The SPDX specification, one of the formats in which an SBOM can be expressed, is developed by the SPDX workgroup, which is hosted by The Linux Foundation.
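To make the "nested inventory" idea and the vulnerable-component check concrete, here is an added example (not code from NTIA, NIST, SPDX or this site) that parses an SPDX 2.x JSON SBOM, walks the DESCRIBES and DEPENDS_ON relationships from the described root package, and flags any package whose version falls below a fixed version in an advisory list. The SBOM document and the advisory list are constructed for this illustration; the package names and the EXAMPLE-ADV identifiers are placeholders and do not refer to real software or real CVEs. Only the SPDX field names (spdxVersion, SPDXID, packages, versionInfo, externalRefs, relationships) are taken from the SPDX 2.x JSON format.

```python
"""Walk an SPDX 2.x JSON SBOM as a nested inventory and flag components that
match a list of known-bad versions.  Added example; the SBOM and the advisory
list are constructed, and the advisory identifiers are placeholders."""
import json

# Constructed SPDX 2.3 JSON document.  Field names follow the SPDX 2.x JSON spec;
# the application, libraries and versions are invented for the example.
SBOM_JSON = r'''
{"spdxVersion": "SPDX-2.3", "SPDXID": "SPDXRef-DOCUMENT", "name": "example-app-sbom",
 "packages": [
   {"SPDXID": "SPDXRef-app", "name": "example-app", "versionInfo": "1.0.0"},
   {"SPDXID": "SPDXRef-web", "name": "webframework", "versionInfo": "3.2.1",
    "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                      "referenceLocator": "pkg:pypi/webframework@3.2.1"}]},
   {"SPDXID": "SPDXRef-tpl", "name": "templatelib", "versionInfo": "2.0.4",
    "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                      "referenceLocator": "pkg:pypi/templatelib@2.0.4"}]},
   {"SPDXID": "SPDXRef-xml", "name": "xmlparser", "versionInfo": "1.4.0",
    "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
                      "referenceLocator": "pkg:pypi/xmlparser@1.4.0"}]}],
 "relationships": [
   {"spdxElementId": "SPDXRef-DOCUMENT", "relationshipType": "DESCRIBES", "relatedSpdxElement": "SPDXRef-app"},
   {"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-web"},
   {"spdxElementId": "SPDXRef-web", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-tpl"},
   {"spdxElementId": "SPDXRef-tpl", "relationshipType": "DEPENDS_ON", "relatedSpdxElement": "SPDXRef-xml"}]}
'''

# Constructed advisory list: any version strictly below "fixed" is treated as
# affected.  The identifiers are placeholders, not real CVE or GHSA numbers.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "name": "xmlparser", "fixed": "1.4.2"},
    {"id": "EXAMPLE-ADV-0002", "name": "templatelib", "fixed": "2.0.0"},
]


def parse_version(v):
    """Dotted-numeric versions only.  Real ecosystems (PEP 440, semver, Debian
    epochs) need their own comparison rules; a naive string compare would
    order "1.10.0" before "1.9.9"."""
    return tuple(int(p) for p in v.split("."))


def load_sbom(text):
    """Index packages by SPDXID and build the dependency graph and root set."""
    doc = json.loads(text)
    packages = {p["SPDXID"]: p for p in doc.get("packages", [])}
    deps, roots = {}, []
    for rel in doc.get("relationships", []):
        if rel["relationshipType"] == "DESCRIBES" and rel["spdxElementId"] == doc["SPDXID"]:
            roots.append(rel["relatedSpdxElement"])
        elif rel["relationshipType"] == "DEPENDS_ON":
            deps.setdefault(rel["spdxElementId"], []).append(rel["relatedSpdxElement"])
    return packages, deps, roots


def walk(packages, deps, roots):
    """Depth-first walk of the nested inventory, yielding (package, path of SPDXIDs).
    The seen set guards against cycles in the relationship graph."""
    seen, stack = set(), [(r, [r]) for r in roots]
    while stack:
        spdxid, path = stack.pop()
        if spdxid in seen:
            continue
        seen.add(spdxid)
        pkg = packages.get(spdxid)
        if pkg is None:
            continue  # dangling reference: the SBOM is incomplete, which is itself worth reporting
        yield pkg, path
        for child in deps.get(spdxid, []):
            stack.append((child, path + [child]))


def purl_of(pkg):
    """Return the package URL external reference, if the SBOM carries one."""
    for ref in pkg.get("externalRefs", []):
        if ref.get("referenceType") == "purl":
            return ref["referenceLocator"]
    return None


def find_affected(sbom_text, advisories):
    """Match every reachable package against the advisory list; each finding
    records the dependency path, so transitive inclusions are explained."""
    packages, deps, roots = load_sbom(sbom_text)
    findings = []
    for pkg, path in walk(packages, deps, roots):
        for adv in advisories:
            if pkg["name"] == adv["name"] and parse_version(pkg["versionInfo"]) < parse_version(adv["fixed"]):
                findings.append({"advisory": adv["id"], "package": pkg["name"],
                                 "version": pkg["versionInfo"], "purl": purl_of(pkg),
                                 "path": [packages[p]["name"] for p in path]})
    return findings


if __name__ == "__main__":
    for f in find_affected(SBOM_JSON, ADVISORIES):
        print(f"{f['advisory']}: {f['package']} {f['version']} via {' -> '.join(f['path'])}")
```

On the constructed input only xmlparser 1.4.0 is reported, reached three levels deep through webframework and templatelib; templatelib is not reported because 2.0.4 is at or above the fixed version. Matching on the purl rather than on the bare name is the more robust choice in practice, since the same name can exist in several package ecosystems, and a production check should also report packages the SBOM references but does not describe.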