Last week the DC area CTO roundtable returned to meeting in-person for the first time since the pandemic. With SolarWinds and the popular Java logging framework Log4j still on many minds, the topic at the meeting was Software Bills of Materials (SBOM). An SBOM is becoming an essential tool for verifying software integrity and alerting to security vulnerabilities and policy violations.
Allan Friedman from CISA described an SBOM as listing the ingredients that make up software components.
As I read a little more about SBOM tools and technologies, a recent assessment found the quality and implementation of SBOMs in open-source repositories varies widely. That is something to keep in mind.
This was an interesting topic to begin the new year. Hope for more to come.
