Software Bill of Materials Starter Guide

A Software Bill of Materials (SBOM) is an important building block for improving the transparency of a software supply chain and strengthening its security: it gives organisations insight into the dependencies in their supply chain. Together with TNO, NCSC-NL investigated how organisations can implement and integrate SBOMs in a practical manner.

The SBOM starter guide offers managers involved in their organisation's security strategy tools to start working with SBOMs. It describes how organisations can set up processes for using, sharing and managing SBOMs, and contains useful tips for setting up agreements with suppliers. It further provides additional in-depth information, for instance on how SBOMs can be used in vulnerability management.
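As an illustration of the vulnerability-management use the guide mentions, the following added example (written for this page, not code from NCSC-NL, TNO or the guide) walks a CycloneDX-style SBOM, identifies each component by its package URL (purl), and checks it against a list of advisories that name an affected version range. The SBOM, the package names and the advisory identifiers are all constructed for the example and do not refer to real products or real vulnerabilities; the version comparison handles only dotted-numeric versions, not the full SemVer or ecosystem-specific rules a production matcher needs.

```python
"""Match components in a CycloneDX-style SBOM against a vulnerability list.

Added example for this page; not the guide's own tooling. All package names,
versions and advisory identifiers below are constructed and hypothetical.
"""
import json

# Constructed SBOM in the CycloneDX JSON layout. One component nests another
# (an assembly), and one legacy component carries no purl at all.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "example-core", "version": "3.1.0",
         "purl": "pkg:maven/com.example/example-core@3.1.0",
         "components": [
             {"type": "library", "name": "example-util", "version": "0.9.1",
              "purl": "pkg:maven/com.example/example-util@0.9.1"},
         ]},
        {"type": "library", "name": "example-parser", "version": "1.4.2",
         "purl": "pkg:npm/example-parser@1.4.2"},
        {"type": "library", "name": "example-http", "version": "2.8.0",
         "purl": "pkg:pypi/example-http@2.8.0"},
        {"type": "library", "name": "legacy-blob", "version": "unknown"},
    ],
})

# Constructed advisory feed: each entry names a purl without version, the first
# affected version and the first fixed version (half-open range, like OSV).
SAMPLE_ADVISORIES = [
    {"id": "ADV-0001", "purl": "pkg:npm/example-parser",
     "introduced": "1.0.0", "fixed": "1.5.0"},
    {"id": "ADV-0002", "purl": "pkg:pypi/example-http",
     "introduced": "2.0.0", "fixed": "2.8.0"},   # 2.8.0 is the fix, so not affected
    {"id": "ADV-0003", "purl": "pkg:maven/com.example/example-util",
     "introduced": "0.9.0", "fixed": "0.10.0"},  # 0.10 > 0.9 only when compared numerically
]


def parse_version(text):
    """'1.4.2' -> (1, 4, 2). Non-numeric parts count as 0; padded to three parts.

    Dotted-numeric only; a real matcher needs per-ecosystem version rules."""
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def split_purl(purl):
    """'pkg:npm/foo@1.2.3?os=linux#sub' -> ('pkg:npm/foo', '1.2.3').

    Qualifiers ('?') and subpath ('#') are dropped; a purl namespace never
    contains a raw '@' (it is percent-encoded), so rsplit on '@' is safe."""
    base = purl.split("?", 1)[0].split("#", 1)[0]
    if "@" not in base:
        return base, None
    name, version = base.rsplit("@", 1)
    return name, version


def iter_components(components):
    """Yield every component, recursing into nested 'components' lists."""
    for comp in components:
        yield comp
        yield from iter_components(comp.get("components", []))


def in_range(version, introduced, fixed):
    """True when introduced <= version < fixed (half-open range)."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def affected_components(sbom_text, advisories):
    """Return (matches, unidentified).

    matches: list of (component purl, advisory id) pairs.
    unidentified: components without a usable purl/version, which cannot be
    matched and should be flagged for the supplier rather than silently skipped."""
    sbom = json.loads(sbom_text)
    by_base = {}
    for adv in advisories:
        by_base.setdefault(adv["purl"], []).append(adv)

    matches, unidentified = [], []
    for comp in iter_components(sbom.get("components", [])):
        purl = comp.get("purl")
        if not purl:
            unidentified.append(comp.get("name", "<unnamed>"))
            continue
        base, version = split_purl(purl)
        if version is None:
            unidentified.append(purl)
            continue
        for adv in by_base.get(base, []):
            if in_range(version, adv["introduced"], adv["fixed"]):
                matches.append((purl, adv["id"]))
    return matches, unidentified


if __name__ == "__main__":
    found, unknown = affected_components(SAMPLE_SBOM, SAMPLE_ADVISORIES)
    for purl, adv_id in found:
        print(f"AFFECTED  {purl}  ({adv_id})")
    for name in unknown:
        print(f"UNIDENTIFIED  {name}  (no purl/version in SBOM; ask supplier)")
```

Two points the example makes concrete: the half-open range means a component at exactly the fixed version is not reported, and a component the SBOM lists without a purl or version cannot be matched at all, which is why agreements with suppliers on SBOM completeness matter as much as the matching itself.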

The information in this guide is based on desk research, a workshop with representatives of the target group for this guide and interviews with organisations that have already gained experience with the use of SBOM.

Questions about this guide? Email research@ncsc.nl