Inside DHS’s work to drive wider adoption of SBOMs

With all of the critical cyberattacks executed through the software supply chain in recent years, you’re sure to have heard about SBOMs, or software bills of materials, which are essentially ingredients lists of the components that make up a piece of software. The Biden administration in its 2021 cybersecurity executive order introduced new guidance for how federal agencies should request SBOMs from vendors when purchasing software so they can better understand what it’s made of and protect against attacks down the supply chain.

The Department of Homeland Security, through its Science and Technology Directorate, is advancing federal work on SBOMs, namely through a program led by its Silicon Valley Innovation Program. In partnership with CISA, the Silicon Valley Innovation Program in 2023 awarded funding to a cohort of startups to broadly promote the use of SBOMs by developing two core software modules—a multi-format SBOM translator and a software component identifier translator—to be delivered as open-source libraries which, in turn, will be integrated with their SBOM enabled commercial products. Just recently, that cohort delivered the first of those two tools.

Joining the Daily Scoop to discuss the need for SBOMs broadly, the cohort’s progress and what’s next are Melissa Oh, managing director of DHS’s Silicon Valley Innovation Program, and Anil John, SVIP technical manager.

The Daily Scoop Podcast is available every Monday-Friday afternoon.

If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Google Podcasts and Spotify.