The ZVEI has published a new white paper to develop a common understanding of the Software Bill of Materials (SBOM) and its meaningful use, describe minimum elements and their scope and highlight options for future development.
SBOM is a kind of software parts list
Cybersecurity requirements are increasingly becoming the focus of regulatory attention. For this reason, among others, interest in tools that make it possible to improve quality and processes in the (software) supply chain continues to grow. Software bills of materials (SBOMs) are seen as one such instrument. Like a parts list for software, an SBOM contains information about the software components used and can be seen as an important building block of software supply chain management. It can be used to achieve transparency about the software components used and, building on this, to improve cybersecurity along the supply chain.
A common understanding of SBOM is the goal
The aim of this paper is to develop a common understanding of SBOM and its meaningful use, to describe minimum elements and their scope, and to identify options for future development. At the same time, introducing yet another complex information-provision requirement that brings no added value for the implementing companies should be avoided at all costs. This document should also highlight the internal benefits of an SBOM for the manufacturer as well as the advantages and disadvantages for an external consumer of an SBOM.
Before further consideration is given to the use and implementation of SBOMs, a common understanding of SBOMs should be developed by both industry stakeholders and regulators. This paper aims to contribute to this understanding from the perspective of the electrical and digital industry.