Software Bill of Materials (SBOM) - Joel Abreu 1100774
______________________________________________________________________
A “software bill of materials” (SBOM) has emerged as a key building block in software
security and software supply chain risk management. An SBOM is a nested inventory, a
list of the libraries, tools, and processes used to develop, build, and publish a software artifact.
The term “software bill of materials” is taken from the manufacturing industry; it is used to
keep track of the components in the software supply chain. A bill of materials is vital for
security because it helps identify which parts of the system in the supply chain contain
known vulnerabilities.
It is a nested inventory, a list of parts, dependencies, and anything that makes up software
components.
I think it can be, because this document contains almost all the software specifications and
how it’s built. Also, this document has been made mainly to standardize and structure all
vulnerabilities. So, in theory, yes, it’s rather a risk if it goes into the wrong hands.
7. Design a data format for SBOM (MUST be both Human and Machine readable)
CycloneDX
ref="pkg:maven/io.dropwizard/dropwizard-parent@1.3.15"
<url>http://www.apache.org/licenses/LICENSE-2.0</url>
</license>
</licenses>
<purl>pkg:maven/io.dropwizard/dropwizard-
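A worked example, added here and not part of the original document, of the vulnerability-identification use of an SBOM described above: it parses a small constructed CycloneDX 1.4 JSON document, walks the dependency graph from the root component, and matches each component's purl against a constructed advisory list, reporting the path through which a vulnerable transitive dependency is reached. The package names, versions, hashes and advisory id are hypothetical, not taken from the page.

```python
import json
from collections import deque

# Constructed CycloneDX 1.4 JSON SBOM (hypothetical); json-parser is transitive via dropwizard-core.
SBOM_JSON = """{
 "bomFormat": "CycloneDX", "specVersion": "1.4",
 "metadata": {"component": {"type": "application", "bom-ref": "pkg:maven/com.example/app@1.0.0"}},
 "components": [
  {"type": "library", "bom-ref": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15",
   "purl": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15",
   "hashes": [{"alg": "SHA-256", "content": "c0ffee"}], "licenses": [{"license": {"id": "Apache-2.0"}}]},
  {"type": "library", "bom-ref": "pkg:maven/com.example/json-parser@2.9.9",
   "purl": "pkg:maven/com.example/json-parser@2.9.9"}],
 "dependencies": [
  {"ref": "pkg:maven/com.example/app@1.0.0", "dependsOn": ["pkg:maven/io.dropwizard/dropwizard-core@1.3.15"]},
  {"ref": "pkg:maven/io.dropwizard/dropwizard-core@1.3.15", "dependsOn": ["pkg:maven/com.example/json-parser@2.9.9"]}]
}"""

# Constructed advisory feed: versionless purl -> (first fixed version, placeholder advisory id).
KNOWN_VULNERABLE = {"pkg:maven/com.example/json-parser": ("2.9.10", "EXAMPLE-ADV-0001")}

def parse_purl(purl):
    """Split 'pkg:type/namespace/name@version' into (versionless purl, version)."""
    base, _, version = purl.partition("@")
    return base, version

def version_tuple(v):
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))  # crude numeric key

def find_affected(sbom_text, advisories):
    """Walk the dependency graph from the root component and return
    {purl: (advisory id, path of bom-refs from root)} for every vulnerable version."""
    sbom = json.loads(sbom_text)
    comps = {c["bom-ref"]: c for c in sbom.get("components", [])}
    deps = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    affected, seen, queue = {}, set(), deque([(root, [root])])
    while queue:
        ref, path = queue.popleft()
        if ref in seen:  # guard against cycles in the dependency graph
            continue
        seen.add(ref)
        comp = comps.get(ref)
        if comp and "purl" in comp:
            base, ver = parse_purl(comp["purl"])
            if base in advisories and version_tuple(ver) < version_tuple(advisories[base][0]):
                affected[comp["purl"]] = (advisories[base][1], path)
        for child in deps.get(ref, []):
            queue.append((child, path + [child]))
    return affected
```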
The impact of getting an SBOM before an acquisition is positive because the client has a
lot of information about the product they are about to acquire, so with technical resources
(NTIA) (USA?
NTIA is the Executive Branch agency that is principally responsible for advising the