CISA strategist: What is an SBOM and why it matters to compliance
Cyberattacks on software are increasing, and the best chance organizations have of protecting themselves is to know about potential vulnerabilities through a software bill of materials (SBOM), according to a senior adviser and strategist at the Cybersecurity and Infrastructure Security Agency.
Computer software is in everything from cars to manufacturing equipment, but unlike metal parts, barrels of liquids, or other items used in production, organizations often know nothing about who created the software or its history. This has created huge risk for organizations, said Allan Friedman during his keynote address on Day 1 of Compliance Week’s virtual Cyber Risk & Data Privacy Summit on Wednesday.
“The security of software has gotten better” over time, but software is created by humans and humans make mistakes, Friedman said. “The starting point is transparency.”
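A concrete illustration of that transparency point, added here and not part of Friedman's talk or the article: a minimal CycloneDX-style SBOM (constructed, with made-up component names) is checked against a constructed advisory list with placeholder IDs, showing how an inventory of exact components and versions lets an organization find which ones fall in a known-affected range.

```python
# Added example: SBOM components, advisory IDs and version ranges are all constructed placeholders.
import json

# Constructed SBOM fragment in CycloneDX JSON shape (hypothetical components).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "example-json", "version": "2.3.1",
     "purl": "pkg:pypi/example-json@2.3.1"},
    {"type": "library", "name": "example-tls", "version": "1.0.9",
     "purl": "pkg:pypi/example-tls@1.0.9"},
    {"type": "library", "name": "example-log", "version": "4.2.0",
     "purl": "pkg:pypi/example-log@4.2.0"}
  ]
}
"""

# Constructed advisory feed: placeholder IDs, not real CVEs; range is [introduced, fixed).
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "package": "pkg:pypi/example-tls",
     "introduced": (1, 0, 0), "fixed": (1, 1, 0)},
    {"id": "ADV-PLACEHOLDER-2", "package": "pkg:pypi/example-log",
     "introduced": (4, 0, 0), "fixed": (4, 1, 5)},
]

def parse_version(text):
    """Turn '1.0.9' into (1, 0, 9) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def affected_components(sbom_json, advisories):
    """Return (component purl, advisory id) pairs for every SBOM entry whose
    version lies inside an advisory's [introduced, fixed) range."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        purl = comp["purl"]
        base, _, version = purl.rpartition("@")  # split package id from version
        v = parse_version(version)
        for adv in advisories:
            if adv["package"] == base and adv["introduced"] <= v < adv["fixed"]:
                findings.append((purl, adv["id"]))
    return findings

if __name__ == "__main__":
    for purl, adv_id in affected_components(SBOM_JSON, ADVISORIES):
        print(f"{purl} is affected by {adv_id}")
```

Only example-tls is reported: example-log 4.2.0 is past its advisory's fixed version, and example-json has no advisory at all, which is exactly the distinction an SBOM lets you draw.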