By meticulously cataloguing every piece of code within a given software program, software bills of materials (SBOMs) can help mitigate threats to your software supply chains. These formal records of the components used to build software enhance visibility into software dependencies, which allows for better risk management and resilience.
The September 2025 Shared Vision on Software Bill of Materials (SBOM) for Cybersecurity is a collaborative effort by multiple international cybersecurity agencies to promote transparency and security in the software supply chain through adopting SBOMs.
In this FAQ, we look at what the document covers and what your business can take away to enhance its cyber resilience, in particular from the perspective of third-party vendor risk management.
01
SBOMs can support vulnerability management and wider software supply chain risk management. Threats to software supply chains encompass both non-deliberate software vulnerabilities and the deliberate injection of malware into software supply chains by malicious actors. The latter can involve not only attacks on software manufacturers but also on their downstream customers, which can become infected simply by downloading what appear to be legitimate updates; high-profile incidents of this kind have recently affected thousands of companies worldwide.
02
The Shared Vision on Software Bill of Materials (SBOM) for Cybersecurity is a collaborative effort by multiple international cybersecurity agencies to promote transparency and security in the software supply chain through the adoption of SBOM.
03
The shared vision on SBOM is published by the U.S. Cybersecurity and Infrastructure Security Agency and is supported by numerous international cybersecurity agencies and organizations.
04
The shared vision on SBOMs is applicable to a wide range of organizations and industries involved in the software supply chain, including software producers and developers, organizations that procure software, entities that operate software, and national cybersecurity organizations.
05
The following questions will help clarify your next steps towards cyber resilience, drawing on the Shared Vision for SBOMs:
When all participants along the supply chain have an SBOM for a piece of software, it can reduce the time to identify and respond to vulnerabilities significantly. SBOM data allows organizations to form a more complete picture of the software and respond to information that may indicate new risks.
SBOMs provide a formal record of the details and supply chain relationships of the components used in building software. This information helps you understand your software's composition and identify potential vulnerabilities.
With SBOM data, your organization can map its software's dependencies to relevant lists of known vulnerabilities and use continuous monitoring to track newly published ones. This enables faster identification of, and response to, potential security threats.
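To make the two preceding points concrete, here is an added example (not code from the Shared Vision document, the page's author, or any of the agencies named) that reads a CycloneDX-style SBOM, matches each listed component against a vulnerability list by package name and affected version range, and then walks the SBOM's dependency relationships to show which top-level dependency pulls in the affected component. The SBOM, the package names and the advisory identifiers are all constructed placeholders, not real projects or real CVEs; the version comparison assumes plain dotted numeric versions.

```python
"""Match a CycloneDX-style SBOM against a vulnerability list and trace dependency paths.

Added illustration only. SAMPLE_SBOM_JSON and SAMPLE_VULNS are constructed
sample data: the package names, versions and advisory IDs are placeholders.
"""
import json
from typing import Dict, List, Tuple

# Constructed SBOM using a subset of the CycloneDX 1.5 JSON shape.
SAMPLE_SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {"component": {"bom-ref": "pkg:generic/example-app@2.0.0",
                             "name": "example-app", "version": "2.0.0"}},
  "components": [
    {"bom-ref": "pkg:pypi/example-web@3.1.4",    "name": "example-web",    "version": "3.1.4"},
    {"bom-ref": "pkg:pypi/example-parser@1.9.2", "name": "example-parser", "version": "1.9.2"},
    {"bom-ref": "pkg:pypi/example-crypto@0.8.0", "name": "example-crypto", "version": "0.8.0"}
  ],
  "dependencies": [
    {"ref": "pkg:generic/example-app@2.0.0", "dependsOn": ["pkg:pypi/example-web@3.1.4"]},
    {"ref": "pkg:pypi/example-web@3.1.4",
     "dependsOn": ["pkg:pypi/example-parser@1.9.2", "pkg:pypi/example-crypto@0.8.0"]},
    {"ref": "pkg:pypi/example-parser@1.9.2", "dependsOn": []},
    {"ref": "pkg:pypi/example-crypto@0.8.0", "dependsOn": []}
  ]
}
"""

# Constructed vulnerability list: affected range is [introduced, fixed).
SAMPLE_VULNS = [
    {"id": "EXAMPLE-ADV-0001", "package": "example-parser", "introduced": "1.8.0", "fixed": "1.9.5"},
    {"id": "EXAMPLE-ADV-0002", "package": "example-crypto", "introduced": "0.0.0", "fixed": "0.8.0"},
    {"id": "EXAMPLE-ADV-0003", "package": "example-web",    "introduced": "4.0.0", "fixed": "4.0.2"},
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Dotted numeric version -> comparable tuple (no pre-release handling)."""
    return tuple(int(part) for part in version.split("."))


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def load_sbom(text: str):
    """Return (root ref, {ref: (name, version)}, {ref: [dependsOn refs]})."""
    doc = json.loads(text)
    components: Dict[str, Tuple[str, str]] = {
        c["bom-ref"]: (c["name"], c["version"]) for c in doc["components"]
    }
    root = doc["metadata"]["component"]
    components[root["bom-ref"]] = (root["name"], root["version"])
    graph = {d["ref"]: d.get("dependsOn", []) for d in doc.get("dependencies", [])}
    return root["bom-ref"], components, graph


def find_paths(graph: Dict[str, List[str]], root: str, target: str) -> List[List[str]]:
    """Depth-first search for every dependency path from root to target."""
    paths: List[List[str]] = []

    def walk(node: str, path: List[str]) -> None:
        if node == target:
            paths.append(path)
            return
        for child in graph.get(node, []):
            if child not in path:  # guard against cycles
                walk(child, path + [child])

    walk(root, [root])
    return paths


def match_vulnerabilities(sbom_text: str, vulns) -> List[dict]:
    """Report each affected component with its advisory ID and the paths that pull it in."""
    root, components, graph = load_sbom(sbom_text)
    findings = []
    for ref, (name, version) in components.items():
        for vuln in vulns:
            if vuln["package"] == name and is_affected(version, vuln["introduced"], vuln["fixed"]):
                paths = find_paths(graph, root, ref)
                findings.append({
                    "id": vuln["id"],
                    "component": f"{name}@{version}",
                    "paths": [[components[r][0] for r in p] for p in paths],
                })
    return findings


if __name__ == "__main__":
    for f in match_vulnerabilities(SAMPLE_SBOM_JSON, SAMPLE_VULNS):
        print(f["id"], f["component"], " -> ".join(f["paths"][0]))
```

Run against the sample data, only example-parser 1.9.2 is reported, reached through example-app -> example-web -> example-parser; example-crypto 0.8.0 is exactly the fixed version and is correctly not flagged. In a real pipeline the constructed SAMPLE_VULNS would be replaced by advisory data from a feed such as OSV or the NVD, and the range check is the place where that feed's own affected-version schema is mapped in; the dependency-path output is what turns a bare "vulnerable component present" into an actionable answer about which supplier's package to update.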
SBOMs enhance transparency across the software ecosystem, benefiting producers, customers and operators of software. This transparency can support better risk management practices and more effective vulnerability management.
By analyzing SBOM data, you can identify potential risks associated with specific software components or dependencies for more informed decision-making and strategic planning.
Do you need support to identify and respond to your cybersecurity vulnerabilities and limit risk across your cyber supply chain? Get in touch with our cybersecurity and cyber risk management specialists for tailored support.