From the Fall 2021 Issue

A Software Bill of Materials Is Critical for Comprehensive Risk Management

Author(s):

Dr. Georgianna Shea, Chief Technologist for Center on Cyber and Technology Innovation and TCIL, The Foundation for Defense of Democracies

A software Bill of Material

Executive Summary Very little software is entirely original. Software developers use existing, open-source, and commercially available software components to create new products. On average, 75 percent of a software product is open-source code, according to the 2021 Open-Source Security and Risk Analysis Report. This presents a cyber-risk management problem. The customer cannot effectively manage assets … Read more