The Canadian Centre for Cyber Security (Cyber Centre) has joined the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and other international partners in releasing guidance on a shared vision of software bill of materials (SBOM) for cyber security.
The joint guidance aims to inform software producers, purchasers, and operators of the benefits of integrating SBOM generation, analysis, and sharing into security processes and practices.
An SBOM is a "list of ingredients" for software. It is a formal record of the details of various components used in building software as well as their supply chain relationships. This "list of ingredients" helps a user determine if a given component is present in a piece of software. By providing insight into the sources of "ingredients" or the provenance of the software, SBOM generation increases transparency and can help mitigate software and supply chain risks.
Read the full joint publication: A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity