You have probably heard about the SBOM (Software Bill of Materials), and you might have even heard that it’s important and useful for security and that you should start producing and using it right away.
But what can you actually do with an SBOM? How can you use it today to increase the overall security of your software product or of the third-party software you’re using?
Steve Springett is the Chair of the CycloneDX Core Working Group at OWASP. He also leads the OWASP Dependency-Track project and the OWASP Software Component Verification Standard (SCVS).