Device and IoT manufacturers must manage risk around the rapidly growing dependency on open source software, which directly impacts trust among software supply chain vendors and suppliers. How a software bill of materials (SBOM) plays a critical role, discusses Mark Gisi, director of the open source program office at Wind River Systems.
Imagine that you’ve injured yourself. You think you’ve broken a bone—maybe a toe. You go to a doctor to determine what’s happened and how to treat the injury.
Who would you trust more? The doctor who just looks at the outside of your foot or the doctor who orders and reads an x-ray for clarity into what’s actually going on inside.
Just as x-rays provide insight to what’s happening in your body, an open source software bill of materials (SBOM) provides details of what’s going on inside your software and how to handle it.
Device and IoT manufacturers need to effectively manage risk around the rapidly growing dependency on open source software (OSS), which directly impacts trust among software supply chain vendors and suppliers. For this reason, the SBOM is a cornerstone of every robust software composition analysis (SCA) program. Here we’ll look at why that is, the critical role the SBOM plays in establishing trust around the use of open source, and why a quality SBOM is essential to the success of both internal and external stakeholders.
Read the full article here