Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

CISA Issues New SBOM Guidelines

January 29, 2024
Reading Time: 2 mins read
in Alerts
CISA Issues New SBOM Guidelines

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines for software producers, emphasizing the importance of creating Software Bills of Materials (SBOMs) to enhance supply chain security.

The guidance, published on Friday, outlines step-by-step instructions for building SBOMs, which are comprehensive lists detailing the components of a software product. These include technical specifications for creating SBOMs and additional measures for transparency, such as providing identifiers for product components and including hashes for software artifacts. SBOMs, likened to ingredient lists for food products, are essential for understanding the makeup of software products, including their components, dependencies, and third-party libraries.

This initiative aligns with a 2021 White House executive order requiring federal agencies to use SBOMs in software development and procurement. CISA’s focus on SBOMs aims to improve software security and supply chain risk management, a crucial aspect given the challenges faced by many agencies in integrating these lists into IT contracts with software manufacturers. In its efforts to promote the adoption and understanding of SBOMs, CISA has been proactive.

In 2023, the agency organized an “SBOM-a-rama” event, which was intended to educate the software and security communities about the importance of SBOMs and to share insights on community-led work in this area. Additionally, in April, CISA released a report detailing the different phases of the SBOM-sharing life cycle.

This report is a resource for both public and private sectors, offering guidance on selecting solutions that enhance transparency and information sharing between software manufacturers and consumers. In the latest guidance, CISA lays out a five-step process for creating an SBOM for a product line.

These steps include determining an identifier and versioning system, listing all components distributed together, providing a version number for each component, and referencing the build SBOM for each component image in the product group. This structured approach is aimed at standardizing the process and ensuring that SBOMs are comprehensive and useful for risk mitigation in software supply chains.

Reference:
  • guidance-assembling-group-products-sbom
Tags: CISACyber AlertCyber Alerts 2024Cyber RiskCyber threatJanuary 2024RansomwareSoftware
ADVERTISEMENT

Related Posts

Chrome Extensions Leak Data And API Keys

Chrome Extensions Leak Data And API Keys

June 6, 2025
Chrome Extensions Leak Data And API Keys

AMOS Stealer Hits macOS Via Fake CAPTCHA

June 6, 2025
Chrome Extensions Leak Data And API Keys

BADBOX Turns 1M+ IoT Devices Into Proxies

June 6, 2025
UNC6040 Vishing Group Target Salesforce Data

UNC6040 Vishing Group Target Salesforce Data

June 5, 2025
New Chaos RAT Variant Hits Windows and Linux

New Chaos RAT Variant Hits Windows and Linux

June 5, 2025
New Chaos RAT Variant Hits Windows and Linux

FBI Warns Hedera NFT Airdrop Crypto Scam

June 5, 2025

Latest Alerts

AMOS Stealer Hits macOS Via Fake CAPTCHA

Chrome Extensions Leak Data And API Keys

BADBOX Turns 1M+ IoT Devices Into Proxies

FBI Warns Hedera NFT Airdrop Crypto Scam

New Chaos RAT Variant Hits Windows and Linux

UNC6040 Vishing Group Target Salesforce Data

Subscribe to our newsletter

    Latest Incidents

    German Dog Rescue IG Hacked For Ransom

    Hack Attempt Hits German Police Phone System

    InfoJobs Spain Hit By Credential Stuffing

    KiranaPro Startup Hacked All Data Wiped

    Nervos Bridge Paused After $3.9 Million Hack

    Ukraine GUR Claims Tupolev Data Theft Hack

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial