INTRODUCTION: WHY SBOMS?
In 2020, SolarWinds suffered a massive breach when malicious code was injected into a patch update for one of its products. By March 2021, 18,000 organizations and enterprises, from Fortune 500 companies to the U.S. government, had installed the malicious patch onto their SolarWinds systems. The incident revealed an uncomfortable truth: today's cyber threat actors have become increasingly sophisticated at exploiting software supply chains to conduct attacks. Whether threatened by crime groups or intelligence groups, even organizations deploying best practices for cybersecurity face mounting cyber risk from the infiltration of their suppliers. Software supply chain threats are considered a top attack vector: threat actors introduce malicious tools and programs into vendor products and services at each level of the development cycle, presenting new threat considerations for enterprises that render many previous approaches to cyber defense obsolete. A Software Bill of Materials, or SBOM, is now considered by cyber industry players and the federal government to be a clear solution to the increasing number of software supply chain attacks.
Often compared to a nutrition facts label for software, SBOMs enable organizations to get a clear picture of the "ingredients" of the programs and applications they rely on. SBOMs safeguard enterprises and applications through transparency: security teams are able to identify outdated software, low-quality tools, untrustworthy vendors and other potential issues within their enterprise software through a framework that identifies each component of the software supply chain. By providing transparency into their software components and providers, SBOMs help organizations achieve a Zero Trust security posture.
In May 2021, the White House issued an Executive Order on Cybersecurity that advocates for SBOMs. The executive order states that, "A widely used, machine-readable SBOM format allows for greater benefits through automation and tool integration. [...] The SBOMs gain greater value when collectively stored in a repository that can be easily queried by other applications and systems. Understanding the supply chain of software, obtaining an SBOM and using it to analyze known vulnerabilities are crucial in managing risk." Industry observers suggest that future federal guidance may require many organizations, regardless of whether they operate in critical industries, to utilize SBOMs as part of their security posture.
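As an added illustration of the "machine-readable SBOM ... used to analyze known vulnerabilities" workflow the executive order describes (example code written for this page, not from the order or any vendor tool), the script below parses a constructed CycloneDX-style SBOM and matches its components against a constructed advisory list; the component names, versions and VULN-EXAMPLE identifiers are placeholders, not real packages or CVEs.

```python
import json

# Constructed, minimal CycloneDX-style SBOM (JSON). The component names and
# versions are illustrative placeholders, not taken from any real product.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "example-logger", "version": "2.14.0"},
    {"type": "library", "name": "example-http", "version": "1.3.2"},
    {"type": "library", "name": "example-yaml", "version": "5.4.1"}
  ]
}
"""

# Constructed advisory list: affected range is [introduced, fixed).
# The IDs are placeholders, not real CVE numbers.
KNOWN_VULNS = [
    {"id": "VULN-EXAMPLE-0001", "name": "example-logger", "introduced": "2.0.0", "fixed": "2.15.0"},
    {"id": "VULN-EXAMPLE-0002", "name": "example-http", "introduced": "1.0.0", "fixed": "1.3.0"},
]


def parse_version(v):
    """Turn a dotted numeric version such as '2.14.0' into a comparable tuple."""
    return tuple(int(part) for part in v.split("."))


def load_components(sbom_json):
    """Return (name, version) pairs for every component in a CycloneDX SBOM."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format: %r" % bom.get("bomFormat"))
    return [(c["name"], c["version"]) for c in bom.get("components", [])]


def find_affected(components, vulns):
    """Return (vuln id, component, version) for each component inside an affected range."""
    hits = []
    for name, version in components:
        ver = parse_version(version)
        for v in vulns:
            if v["name"] == name and parse_version(v["introduced"]) <= ver < parse_version(v["fixed"]):
                hits.append((v["id"], name, version))
    return hits


def scan(sbom_json=SBOM_JSON, vulns=KNOWN_VULNS):
    """Full pipeline: parse the SBOM, then cross-reference it with the advisory list."""
    return find_affected(load_components(sbom_json), vulns)


if __name__ == "__main__":
    for vuln_id, name, version in scan():
        print(f"{vuln_id}: {name}@{version} is affected")
```

Only example-logger is flagged: example-http 1.3.2 is at or past its fixed version, and example-yaml has no advisory at all, which is exactly the triage an SBOM repository query is meant to automate.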