Challenges remain in SBOM adoption

CyberScoop reports that the widespread adoption of software bills of materials continues to be a challenge. Cybersecurity and Infrastructure Security Agency Senior Advisor Allan Friedman noted that encouraging SBOM implementation presents "a chicken and egg problem." "No one was asking for it so no one was supplying it; no one was supplying it so no one was asking for it," said Friedman, who leads SBOM research for the Department of Homeland Security. Existing SBOMs have also been riddled with inconsistencies, bugs, and incomplete data, according to Chainguard's Dan Lorenc. Such prevalence of subpar SBOMs has prompted the prioritization of SBOM quality improvements at CISA in the near term, with Friedman noting that increasing SBOM production would eventually shift the focus to SBOM consumption. "The magic will happen when we can consume good quality SBOMs across the ecosystems and have the data to match them up to vulnerabilities," said Linux Foundation computer scientist Kate Stewart.