Introducing the Tool-to-Tool Software Bill of Materials Specification
Presented live on October 7, 2020
Through the Software Transparency Initiative fostered by the U.S. National Telecommunications and Information Administration (NTIA), much attention has focused on identifying the needs for Software Bill of Materials (SBOM) information in end-user organizations.
This extends to understanding the software content of operational systems, the supplier communities behind that software, and whether those suppliers deliver software embedded in equipment or supply software directly. At the same time, the software development tooling ecosystem (the organizations that will be key in supplying the tools that make automated SBOM generation possible) is actively engaged with community partners in driving the SBOM standard, based on nine usage scenarios that align with NTIA's, so that the industry can create SBOM-enabled tooling.
SBOM-enabled tooling will support:
- creating SBOMs for existing software and, more importantly,
- ensuring that all new software created going forward has an SBOM as a normal part of developing and managing the software.
The 30+ organizations working with CISQ and OMG on the Tool-to-Tool (3T) SBOM Exchange Standard aim to enable the different software development, assessment, audit, and analysis tools to seamlessly create and exchange SBOMs, including tools supporting DevSecOps capabilities across the market.
You can learn more about the SBOM specification here.