The National Security Agency and the Cybersecurity and Infrastructure Security Agency, in collaboration with cybersecurity agencies from more than a dozen countries, have released a joint guidance highlighting the importance of a software bill of materials. The publication, titled “A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity,” urges software producers, procurers and operators to adopt SBOM practices to strengthen visibility into supply chains and reduce risks, NSA said Wednesday.
Potomac Officers Club will host the 2025 Intel Summit on Oct. 2. The event brings together senior leaders from across the intelligence community to explore emerging threats, technological advances and strategic opportunities shaping national security today. Register today to secure your spot and engage with decision-makers and thought leaders driving the future of the IC.
Table of Contents
Enhancing Supply Chain Security
An SBOM is described as a “list of ingredients” for software, documenting the components, modules and libraries used to build an application. The guidance notes that most modern software is built on open-source and proprietary elements, making it critical to increase transparency around software dependencies. By generating, analyzing and sharing SBOMs, organizations can improve vulnerability management, supply chain risk assessments, license compliance and software development practices, the guidance stated.
The document highlights how SBOMs helped organizations respond more efficiently to the 2021 Log4j vulnerability. Those with SBOM data were able to identify affected components faster, while those without had to rely on time-consuming manual checks.
Driving SBOM Adoption
The guidance aligns SBOM implementation with the Secure by Design initiative, which encourages technology manufacturers to normalize the development of products that are secure out of the box. It calls for automation in SBOM generation and integration into existing security and asset management tools to ensure effectiveness and scalability.
“Widespread adoption of SBOM will strengthen security, reduce risk, and decrease costs,” the authoring agencies said. They also warned that diverging implementations could hinder progress, stressing the need for a coordinated international approach.
The effort was developed in partnership with the Australian Cyber Security Centre; the Canadian Centre for Cyber Security; the French Cybersecurity Agency; Germany’s Federal Office for Information Security; Japan’s Ministry of Economy, Trade and Industry; Singapore’s Cyber Security Agency; South Korea’s National Intelligence Service; and more than 10 other national authorities. The European Commission’s Directorate-General for Communications Networks, Content and Technology also contributed to the guidance.
Related Articles
The Department of the Air Force has unveiled a new strategy outlining how the DAF will deliver a resilient and adaptive encrypted network that facilitates real-time data sharing in support of warfighters. DAF Network of the Future Strategy’s Objectives The department’s Network of the Future Strategy has six objectives: bolster network resilience; increase operational scalability and flexibility; secure the network of the future; streamline network management; integrate the network environment; and enable the workforce of the future. “This strategy will serve as our North Star as we address rapidly evolving threats and rising demand for seamless connectivity, empowering our warfighters
NASA Acting Administrator Sean Duffy has named Amit Kshatriya the agency’s new associate administrator, the highest-ranking civil service position. The agency said Wednesday Kshatriya will oversee program planning and execution for crewed missions to the Moon through the Artemis campaign in preparation for humanity’s first mission to Mars. Who Is Amit Kshatriya? Kshatriya has dedicated nearly two decades of service to NASA, gaining valuable operational and strategic experience. Before his most recent promotion, he served as deputy associate administrator for the Moon to Mars program in the Exploration Systems Development Mission Directorate. In this role, he oversaw the execution of the initiative’s initial
The National Science Foundation has begun soliciting proposals for an initiative to establish a community-based center that will oversee the development of the overarching framework, management structure and operations strategy to support an integrated national infrastructure for artificial intelligence research and education. National AI Research Resource Operations Center NSF said Wednesday the proposed National Artificial Intelligence Research Resource Operations Center, or NAIRR-OC, seeks to transition the NAIRR Pilot into a sustainable national program that will accelerate AI research capabilities. “The NAIRR Operating Center solicitation marks a key step in the transition from the NAIRR Pilot to building a sustainable and