Never Drop The SBOM, Why A Software Bill Of Materials Pays Off

Mike Lieberman, co-founder and CTO at software supply chain security company Kusari thinks that SBOMs are an ecosystem-agnostic way to describe the software that’s inside applications. In fact, CISA released a draft of its updated SBOM “minimum elements” for public comment last month.“For engineering and platform teams, the proposed updates mean fewer proprietary formats, less guesswork when integrating tools… and a standardized record that can travel across environments and vendors. The addition of new mandatory fields, like Tool Name and License, brings greater clarity. SBOM tools operate differently, so knowing which tool generated an SBOM helps teams assess the reliability of their data, while explicit license information is critical for navigating usage rights in SaaS, distributable products, or mixed environments. This is important as many organizations place restrictions on which licenses can be used in their software,” said Lieberman.