As the cybersecurity industry has endeavored to reduce the risk of software supply chain security flaws, software bills of materials (SBOMs) have received a ton of attention of late, as security pundits have promoted them as a key building block in software supply chain security programs.
But like a tree falling in the forest, does the creation of an SBOM make any noise if there’s no one around using it? To benefit from the component and dependency information gathered in SBOMs, security teams must make plans to actually operationalize them.
The more obvious places to do this are application build governance and ongoing vulnerability management, but security teams can also leverage SBOMs in cybersecurity incident response (IR). Here’s why — and how to put SBOMs to work.
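What "operationalizing" an SBOM looks like in practice is the question every responder has on day one of an advisory: which of our applications ship the affected component, at what version, and who pulled it in? The script below is an added example, not code from the article or from any SBOM tool. It assumes SBOMs in the CycloneDX JSON shape (the `bomFormat`, `metadata.component`, `components` and `dependencies` keys are the real format's); the two SBOMs, the component names (`example-logger`, `example-http`) and the "fixed in 2.17.0" threshold are constructed sample data, not a real product or a real advisory.

```python
"""Answer the IR question "which applications ship component X below the fixed version?"
from a set of SBOMs, and show the dependency chain that introduced it.

Added example (not the article's code). Assumes CycloneDX-style JSON SBOMs; the
SBOM documents and the affected component/version below are constructed.
"""
import json
from collections import deque
from typing import Dict, List, Optional, Tuple

# Constructed SBOMs, one per application, in minimal CycloneDX JSON form.
SBOM_DOCS = [
    json.dumps({
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "metadata": {"component": {"type": "application", "name": "billing-api",
                                   "version": "3.2.0", "bom-ref": "billing-api"}},
        "components": [
            {"type": "library", "name": "example-logger", "version": "2.14.1",
             "bom-ref": "pkg:maven/org.example/example-logger@2.14.1"},
            {"type": "library", "name": "example-http", "version": "4.5.13",
             "bom-ref": "pkg:maven/org.example/example-http@4.5.13"},
        ],
        # billing-api does not depend on the logger directly; example-http does.
        "dependencies": [
            {"ref": "billing-api", "dependsOn": ["pkg:maven/org.example/example-http@4.5.13"]},
            {"ref": "pkg:maven/org.example/example-http@4.5.13",
             "dependsOn": ["pkg:maven/org.example/example-logger@2.14.1"]},
        ],
    }),
    json.dumps({
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "metadata": {"component": {"type": "application", "name": "portal-web",
                                   "version": "1.9.4", "bom-ref": "portal-web"}},
        "components": [
            {"type": "library", "name": "example-logger", "version": "2.17.1",
             "bom-ref": "pkg:maven/org.example/example-logger@2.17.1"},
        ],
        "dependencies": [
            {"ref": "portal-web", "dependsOn": ["pkg:maven/org.example/example-logger@2.17.1"]},
        ],
    }),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a comparable tuple so 1.2.10 > 1.2.9.

    Assumption: numeric dot-separated versions; non-numeric pieces count as 0,
    which is adequate for the constructed data here (use a real version parser
    per ecosystem in production)."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_affected(installed: str, fixed_in: str) -> bool:
    """Exposed when the shipped version is older than the one carrying the fix."""
    return parse_version(installed) < parse_version(fixed_in)


def dependency_path(sbom: dict, target_ref: str) -> Optional[List[str]]:
    """Breadth-first search from the application's own bom-ref to target_ref over the
    SBOM dependency graph. Returns the chain of refs, or None if unreachable."""
    root = sbom["metadata"]["component"]["bom-ref"]
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    queue, seen = deque([[root]]), {root}
    while queue:
        path = queue.popleft()
        if path[-1] == target_ref:
            return path
        for nxt in graph.get(path[-1], []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def find_exposure(sbom_docs: List[str], component_name: str, fixed_in: str) -> List[Dict]:
    """Scan every SBOM for component_name below fixed_in and record how it got there."""
    findings = []
    for doc in sbom_docs:
        sbom = json.loads(doc)
        app = sbom["metadata"]["component"]
        for comp in sbom.get("components", []):
            if comp["name"] != component_name or not is_affected(comp["version"], fixed_in):
                continue
            path = dependency_path(sbom, comp["bom-ref"])
            findings.append({
                "application": app["name"],
                "application_version": app["version"],
                "component_version": comp["version"],
                "direct": path is not None and len(path) == 2,  # root -> component
                "path": path,
            })
    return findings


if __name__ == "__main__":
    for hit in find_exposure(SBOM_DOCS, "example-logger", "2.17.0"):
        print(json.dumps(hit, indent=2))
```

Run against the constructed data, the scan reports `billing-api` 3.2.0 as exposed through a transitive dependency (`billing-api` → `example-http` → `example-logger` 2.14.1) and clears `portal-web`, which already ships 2.17.1. The dependency path is the part responders usually lack: it tells the team whose build has to change, which is what turns an SBOM from an inventory file into an IR input.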