SBOMs to Protect Your Organization

Securing the Software Supply Chain: SBOMs to Protect Your Organization

INTRODUCTION: WHY SBOMS?

 

In 2020, SolarWinds suffered a massive breach with the injection of malicious code into a patch update for one of its products. By March 2021, 18,000 organizations and enterprises had installed the malicious patch onto their SolarWinds systems, from Fortune 500 companies to the U.S. government. The incident revealed an uncomfortable truth: Today’s cyber threat actors have become increasingly sophisticated at exploiting software supply chains to conduct attacks. Whether threatened by crime groups or intelligence groups, even organizations deploying best practices for cybersecurity are faced with mounting cyber risks from their suppliers being infiltrated. Software supply chain threats are considered a top attack vector as threat actors introduce malicious tools and programs into vendor products and services at each level of the development cycle, presenting new threat considerations for enterprises that render many previous approaches to cyber defense obsolete. A Software Bill of Materials, or SBOM, is now considered by cyber industry players and the federal government as a clear solution to the increasing software supply chain attacks.

 

Often compared to a nutrition facts label for software providers, SBOMs enable organizations to get a clear picture of the “ingredients” of the programs and applications they rely on. SBOMs safeguard enterprises and applications through transparency; security teams are able to identify outdated software, low-quality tools, non-trustworthy vendors and other potential issues within their enterprise software through a framework that identifies each component of the software supply chain. By enabling transparency into their software components and providers, SBOMs help organizations achieve Zero Trust security posture.

 

In May 2021, the White House issued an Executive Order on Cybersecurity, advocating for SBOMs. The executive order states that, “A widely used, machine-readable SBOM format allows for greater benefits through automation and tool integration. […] The SBOMs gain greater value when collectively stored in a repository that can be easily queried by other applications and systems. Understanding the supply chain of software, obtaining an SBOM and using it to analyze known vulnerabilities are crucial in managing risk.” Industry observers suggest that future federal guidance may require many organizations, regardless of presence in critical industries, to utilize SBOMs as part of their security posture

SCARICA

Questo sito utilizza cookies per memorizzare informazioni sul tuo device. I cookies aiutano il normale funzionamento del nostro sito e ci mostrano come poter migliorare l'esperienza dell'utente.
Continuando la navigazione accetti la nostra cookie policy e privacy policy.

Contattaci
Hik-Partner Pro close
Hik-Partner Pro
Security Business Assistant. At Your Fingertips. Learn more
Hik-Partner Pro
Scan and download the app
Hik-PartnerPro
Hik-PartnerPro

Get a better browsing experience

You are using a web browser we don’t support. Please try one of the following options to have a better experience of our web content.