Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireTechnologies & SolutionsSecurity Leadership and ManagementLogical SecurityCybersecurity News

Understanding SBOMs: A snapshot of your software security

By Tim Kenney
software security

Image by macrovector via Freepik

December 7, 2022

In May of 2021, President Biden signed the Executive Order on Improving the Nation’s Cybersecurity. The order directs government agencies to make sweeping changes to ratchet up software security policy at the Federal level. 

 

The order set into motion a flurry of activity across government agencies, as some of the nation’s top cybersecurity experts work diligently to ensure the technological infrastructure underpinning our civic lives is in alignment with these new regulations. 

 

In the midst of these conversations about securing the software supply chain, one term consistently rises to the forefront: SBOM. 

 

SBOM stands for Software Bill of Materials. It’s an accounting of all the components in a software application. More precisely (per the NTIA), an SBOM is a “complete, formally structured list of components, libraries and modules that are required to build a given piece of software and the supply chain relationships between them.”

 

As a result of the Executive Order, we can expect that all developers and software suppliers doing business with the federal government will be required to provide SBOM. The timeline for compliance has not yet been established, but the policy is moving quickly, and we are likely to see these regulations in place within the year. And it’s not just the feds who should be thinking about SBOMs; any enterprise owner looking to secure their software supply chain should be familiar with SBOMs and require them from their software vendors.

 

Today, more than 90% of all new software is built using open-source components. The upside of open source code is that the opportunities are limitless - developers have unprecedented freedom and access to create new applications using existing building blocks. The downside is that, in many cases, those components contain vulnerabilities and deeply embedded licensing restrictions that jeopardize the integrity of the package.

 

An SBOM solves that by providing transparency.

 

What’s in an SBOM?

The NTIA defines the minimum elements to be included in an SBOM.

 

●     Supplier Name The name of an entity that creates, defines, and identifies components.

●     Component Name Designation assigned to a unit of software-defined by the original supplier.

●     Version of the Component Identifier used by the supplier to specify a change in software from a previously identified version.

●     Other Unique Identifiers Other identifiers that are used to identify a component or

serve as a look-up key for relevant databases.

●     Dependency Relationship Characterizing the relationship that an upstream component

X is included in software Y.

●     Author of SBOM Data The name of the entity that creates the SBOM data for this component.

●     Timestamp Record of the date and time of the SBOM data assembly.

 

License information (and license text) is also often included. 

 

There are a number of tools in the market available for generating and publishing SBOMs. It’s important to remember, however, that an SBOM is just a snapshot in time. In order to truly secure your software supply chain, you must continuously check for new vulnerabilities. Yesterday’s SBOM is no more useful than the Covid test you took last week. There are always new risks emerging, and scanning must be a constant, ongoing process. 

KEYWORDS: cybersecurity risk management software security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Tim Kenney is on a mission to democratize software security. As President and COO of SOOS, Tim and his team are dedicated to ensuring all developers have the tools they need to identify and remediate code vulnerabilities, making software safer for everyone.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Columns
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Kodak Security: A Snapshot of the Finest

    See More
  • Software Bills of Materials

    Weaponizing SBOMs: A Practical Guide for Security Practitioners

    See More
  • Doctor held at gunpoint

    Weapons detection in healthcare: A snapshot and guide

    See More

Related Products

See More Products
  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • intelligent.jpg

    Intelligent Network Video: Understanding Modern Video Surveillance Systems, Second Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing