Having a software bill of materials is essential to quality and security
New research from the Linux Foundation looks at the extent of organizational software bill of materials (SBOM) readiness and adoption tied to cybersecurity efforts.
An SBOM is formal and machine-readable metadata that uniquely identifies a software component and its contents, and it may also include copyright and license data.
SBOMs are designed to be shared across organizations and are particularly helpful at providing transparency of components delivered by different participants in a software supply chain. As a result many organizations concerned about application security are making SBOMs a cornerstone of their cybersecurity strategy.
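The following script is an added example, not code from the report or from the Linux Foundation; it shows what "machine-readable" buys a consumer in the log4j scenario the article alludes to. It parses a constructed SPDX 2.3 JSON document (SPDX is the format published as ISO/IEC 5962), lists every component with its version and license, and then checks the components against a constructed advisory list (placeholder advisory IDs, illustrative fix versions) and a hypothetical license policy. The SBOM content, the advisory entries and the denied-license set are all assumptions made up for this example.

```python
import json

# Constructed SPDX 2.3 JSON document. Field names follow the SPDX JSON schema;
# the component names, versions and licenses are illustrative only.
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "dataLicense": "CC0-1.0",
    "SPDXID": "SPDXRef-DOCUMENT",
    "name": "example-app-sbom",
    "packages": [
        {
            "name": "log4j-core",
            "SPDXID": "SPDXRef-Package-log4j-core",
            "versionInfo": "2.14.1",
            "downloadLocation": "NOASSERTION",
            "licenseConcluded": "Apache-2.0",
            "copyrightText": "Copyright 1999-2021 The Apache Software Foundation",
            "externalRefs": [{
                "referenceCategory": "PACKAGE-MANAGER",
                "referenceType": "purl",
                "referenceLocator": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
            }],
        },
        {
            "name": "jackson-databind",
            "SPDXID": "SPDXRef-Package-jackson-databind",
            "versionInfo": "2.13.1",
            "downloadLocation": "NOASSERTION",
            "licenseConcluded": "Apache-2.0",
        },
        {
            "name": "example-gpl-lib",
            "SPDXID": "SPDXRef-Package-example-gpl-lib",
            "versionInfo": "1.0.0",
            "downloadLocation": "NOASSERTION",
            "licenseConcluded": "GPL-3.0-only",
        },
    ],
})

# Constructed advisory feed: component name -> list of (placeholder advisory id,
# first fixed version). A real consumer would pull this from a vulnerability database.
SAMPLE_ADVISORIES = {
    "log4j-core": [("ADVISORY-PLACEHOLDER-0001", "2.15.0")],
}

# Hypothetical license policy for a proprietary product.
DENIED_LICENSES = {"GPL-3.0-only"}


def parse_version(version):
    """Turn a dotted version such as '2.14.1' into a comparable tuple of ints.
    Non-numeric trailing parts (e.g. '-beta9') are ignored, which is enough
    for release-to-release comparison in this example."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if ch.isdigit():
                digits += ch
            else:
                break
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def load_components(sbom_json):
    """Extract the inventory an SBOM consumer actually needs from an SPDX document."""
    doc = json.loads(sbom_json)
    components = []
    for pkg in doc.get("packages", []):
        purl = None
        for ref in pkg.get("externalRefs", []):
            if ref.get("referenceType") == "purl":
                purl = ref.get("referenceLocator")
        components.append({
            "name": pkg["name"],
            "version": pkg.get("versionInfo", "NOASSERTION"),
            "license": pkg.get("licenseConcluded", "NOASSERTION"),
            "purl": purl,
        })
    return components


def find_vulnerable(components, advisories):
    """Return (name, version, advisory_id) for every component whose version is
    below the first fixed version named in an advisory."""
    hits = []
    for comp in components:
        for advisory_id, fixed in advisories.get(comp["name"], []):
            if parse_version(comp["version"]) < parse_version(fixed):
                hits.append((comp["name"], comp["version"], advisory_id))
    return hits


def find_license_violations(components, denied):
    """Return (name, license) for components whose concluded license is denied by policy."""
    return [(c["name"], c["license"]) for c in components if c["license"] in denied]


if __name__ == "__main__":
    inventory = load_components(SAMPLE_SBOM)
    for c in inventory:
        print(f"{c['name']} {c['version']} ({c['license']}) purl={c['purl']}")
    print("vulnerable:", find_vulnerable(inventory, SAMPLE_ADVISORIES))
    print("license violations:", find_license_violations(inventory, DENIED_LICENSES))
```

The point of the example is the turnaround time the article's log4j remark depends on: once an advisory names a fixed version, the same `find_vulnerable` pass can be run over every SBOM a supplier has delivered, without rebuilding or manually inspecting any of the software.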
The report finds that 82 percent of the more than 400 organizations surveyed are familiar with the term software bill of materials, and 76 percent are actively engaged in addressing SBOM needs. 47 percent are already producing or consuming SBOMs, and 78 percent of organizations expect to produce or consume SBOMs in 2022, up 66 percent from the previous year.
"SBOMs are no longer optional. Our Linux Foundation Research team revealed 78 percent of organizations expect to produce or consume SBOMs in 2022," says Jim Zemlin, executive director at the Linux Foundation. "Businesses accelerating SBOM adoption following the publication of the new ISO standard (5962) or the White House Executive Order are not only improving the quality of their software, they are better preparing themselves to thwart adversarial attacks following new open source vulnerability disclosures like those tied to log4j."
Among other findings, 62 percent are looking for better industry consensus on how to integrate the production and consumption of SBOMs into their DevOps practices, while 58 percent want consensus on integration of SBOMs into their risk and compliance processes. 53 percent want to see better industry consensus on how SBOMs will evolve and improve.
You can get the full report from the Linux Foundation site.
Image credit: nd3000 / Shutterstock