SolarWinds Breach & Cybersecurity Executive Order Propel SBOM

Security as an Enabler
By Chris Hughes, November 10, 2021

If you are in IT and cybersecurity, you may have heard the term software bill of materials (SBOM) increasingly being used. This may not be a new concept for everyone, but it is for some business and technology professionals.

BOM vs. SBOM

The bill of materials (BOM) has been part of manufacturing for years. It is utilized to track subcomponents for an end product and is applied to the broader supply chain management practice.

As technology organizations look to apply lessons learned from the manufacturing industry, an SBOM can help maximize productivity, standardization, and quality. Much like a manufacturing BOM, an SBOM is a “machine-readable inventory of software components and dependencies, information about those components and their hierarchical relationships”.

In truth, SBOM has been part of public discourse for over a decade. However, it is getting renewed attention through work by the National Telecommunications and Information Administration (NTIA), the SolarWinds breach, and mentions in the recent “Executive Order on Improving the Nation’s Cybersecurity.” The Executive Order intends to enhance supply chain security, with key provisions providing software purchasers with an SBOM. Whenever federal acquisitions include new requirements in this way, they tend to create cascading impacts on other industries.

Improving the Discovery Process

An SBOM provides insight that might otherwise require a lot of manual effort to discover. As new vulnerabilities are disclosed, organizations often have no straightforward way to determine whether they are impacted, or where any vulnerable or compromised software is located. With an SBOM, this discovery process is improved, and organizations can quickly begin remediation or mitigation efforts so that they aren't harmed. Organizations use a myriad of proprietary software, and more than 90% utilize open-source software in application development. An SBOM provides critical insight into these software components, many of which contain critical and unaddressed vulnerabilities.
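To make the discovery process concrete, here is an added example (not code from the original post): given a small, hand-constructed SBOM in a simplified JSON layout and a constructed advisory with a placeholder affected-version range, it walks the hierarchical component relationships and reports which shipped products are affected and through which dependency chains. The SBOM layout, component names, versions and the advisory are all assumptions made for this illustration, not any real product's inventory or a real CVE.

```python
import json
# Constructed, simplified SBOM for this example (not a real product inventory); each
# component lists its direct dependencies as "name@version" ids.
SBOM_JSON = """
{"components": [
  {"name": "billing-service",   "version": "2.4.0",  "dependsOn": ["web-framework@1.9.2", "log-lib@2.14.1"]},
  {"name": "reporting-service", "version": "1.1.0",  "dependsOn": ["pdf-lib@3.0.0"]},
  {"name": "web-framework",     "version": "1.9.2",  "dependsOn": ["log-lib@2.14.1"]},
  {"name": "pdf-lib",           "version": "3.0.0",  "dependsOn": ["log-lib@2.16.0"]},
  {"name": "log-lib",           "version": "2.14.1", "dependsOn": []},
  {"name": "log-lib",           "version": "2.16.0", "dependsOn": []}
]}
"""
# Constructed advisory (placeholder, not a real CVE): log-lib below 2.15.0 is vulnerable.
ADVISORY = {"name": "log-lib", "fixed_in": "2.15.0"}

def parse_version(v: str) -> tuple:
    """'2.14.1' -> (2, 14, 1), so versions compare numerically rather than as strings."""
    return tuple(int(p) for p in v.split("."))

def load_sbom(text: str) -> dict:
    """Index the SBOM as 'name@version' -> list of direct dependency ids."""
    return {f"{c['name']}@{c['version']}": list(c["dependsOn"])
            for c in json.loads(text)["components"]}

def top_level(graph: dict) -> list:
    """Components nothing else depends on: the products actually shipped or deployed."""
    referenced = {dep for deps in graph.values() for dep in deps}
    return [cid for cid in graph if cid not in referenced]

def is_vulnerable(cid: str, advisory: dict) -> bool:
    """True when the component matches the advisory's name and predates the fixed version."""
    name, version = cid.rsplit("@", 1)
    return name == advisory["name"] and parse_version(version) < parse_version(advisory["fixed_in"])

def find_affected(graph: dict, advisory: dict) -> dict:
    """Map each affected product to every dependency chain that reaches a vulnerable component."""
    hits = {}
    def walk(cid, path):
        if is_vulnerable(cid, advisory):
            hits.setdefault(path[0], []).append(path)
        for dep in graph.get(cid, []):   # unknown id: declared but not described in the SBOM
            if dep not in path:          # guard against dependency cycles
                walk(dep, path + [dep])
    for product in top_level(graph):
        walk(product, [product])
    return hits

if __name__ == "__main__":
    print(json.dumps(find_affected(load_sbom(SBOM_JSON), ADVISORY), indent=2))
```

Note that reporting-service is not reported, because its copy of log-lib is already at a fixed version; without the per-version inventory, a name-only search would have flagged it too.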

When developing internal applications, organizations should consider what software they're selling to customers, purchasing from vendors, and sourcing from the Web. With the push for SBOM in the Cyber Executive Order, not only will government purchasers begin to ask about SBOMs, but commercial customers will as well. Software vendors are a core part of the software supply chain and of third-party risk management; without transparency, there could be a perpetual blind spot. The same can be said for open source projects. Software consumers must evaluate the software they use, which could contain unknown vulnerabilities and introduce risk to the organization.

Not only are software vendors beginning to offer SBOMs due to consumer demand, but the industry is maturing in this regard as well. Another effort underway from NTIA, called the Vulnerability Exploitability Exchange, seeks to provide additional guidance regarding whether a product is impacted by a specific vulnerability included in its components, and if so, what actions can be taken to remediate it.

Final Thoughts

SBOMs offer critical insight for software producers, consumers, and operators from the perspective of visibility and vulnerability management, as well as benefits such as licensing. They also shine the bright light of transparency on a complex ecosystem and supply chain that can have devastating and cascading impacts in countless ways. As it's sometimes said, transparency increases credibility and accountability.

Chris Hughes

CEO and Co-Founder
Aquia

Chris Hughes is a Cloud Wars Analyst focusing on the critical intersection of cloud technology and cybersecurity. As co-founder and CEO of Aquia, Chris draws on nearly 20 years of IT and cybersecurity experience across both public and private sectors, including service with the U.S. Air Force and leadership roles within FedRAMP. In addition to his work in the field, Chris is an adjunct professor in cybersecurity and actively contributes to industry groups like the Cloud Security Alliance. His expertise and certifications in cloud security for AWS and Azure help organizations navigate secure cloud migrations and transformations.