
A Good SBOM Is Hard to Find
An SBOM tells the consumer what is inside the software, so the consumer can determine more readily whether it contains a known security problem. The idea is that the affected software can be patched without necessarily going back to the vendor.

In theory, the software bill of materials serves as a full, machine-readable listing of all of the application's dependencies, so the developer can rely on it to assess the application's security.

“So that means identifying the app as well as identifying the software dependencies inside the app.”

“First of all, there are a lot of software languages where actually interrogating what’s inside the build is incredibly difficult,” Hutchings said.
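The consumer-side check the article describes, and the gap Hutchings points to, can be shown concretely. The following is an added example, not code from the article or from any vendor it discusses: it parses a small CycloneDX JSON SBOM, matches each component's package URL (purl) against an advisory list, and reports separately any component that cannot be identified at all. Both the SBOM and the advisory list are constructed for illustration; the package names and the ADV-000x identifiers are placeholders, not real projects or CVEs.

```python
"""Consumer-side SBOM check (added example, not from the article).

Parses a minimal CycloneDX 1.4 JSON SBOM and matches each component's
package URL (purl) against a constructed advisory list. Components
without a purl or version cannot be matched and are reported on their
own, which is the practical consequence of a build that cannot be
interrogated: the SBOM entry exists, but it identifies nothing usable.
"""
import json

# Constructed SBOM for illustration; not a real product's bill of materials.
SBOM_JSON = r'''{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "version": 1,
  "metadata": {"component": {"type": "application", "name": "example-app", "version": "2.3.0"}},
  "components": [
    {"type": "library", "name": "example-parser", "version": "1.4.2",
     "purl": "pkg:npm/example-parser@1.4.2"},
    {"type": "library", "name": "example-http", "version": "2.0.0",
     "purl": "pkg:pypi/example-http@2.0.0"},
    {"type": "library", "group": "org.example", "name": "example-log", "version": "3.1.0",
     "purl": "pkg:maven/org.example/example-log@3.1.0"},
    {"type": "library", "name": "vendored-blob"}
  ]
}'''

# Constructed advisories; IDs are placeholders, not real CVEs.
# "package" is the purl minus its version; the affected range is [introduced, fixed).
ADVISORIES = [
    {"id": "ADV-0001", "package": "npm/example-parser", "introduced": "1.0.0", "fixed": "1.4.3"},
    {"id": "ADV-0002", "package": "pypi/example-http", "introduced": "0.9.0", "fixed": "2.0.0"},
    {"id": "ADV-0003", "package": "maven/org.example/example-log", "introduced": "3.0.0", "fixed": None},
]


def parse_purl(purl):
    """Split 'pkg:type/namespace/name@version?qualifiers#subpath' into
    (key, version), where key is 'type/namespace/name'. Qualifiers and
    subpath are dropped because advisories are keyed on the package alone."""
    if not purl.startswith("pkg:"):
        raise ValueError(f"not a purl: {purl}")
    body = purl[4:].split("#", 1)[0].split("?", 1)[0]
    if "@" in body:
        key, version = body.rsplit("@", 1)
    else:
        key, version = body, None
    return key, version


def version_key(v):
    """Turn a dotted version into a comparable tuple. Numeric segments
    compare as integers, non-numeric ones as strings after all integers.
    Simplification: '1.2' sorts below '1.2.0' (no zero padding)."""
    return tuple((0, int(s)) if s.isdigit() else (1, s) for s in v.split("."))


def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed (no upper bound if fixed is None)."""
    v = version_key(version)
    if v < version_key(introduced):
        return False
    if fixed is not None and v >= version_key(fixed):
        return False
    return True


def load_components(sbom_json):
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    return doc.get("components", [])


def check_sbom(sbom_json, advisories):
    """Return (findings, unidentified). findings: (advisory id, package,
    version, fixed version); unidentified: component names with no purl
    or no version, which the consumer cannot assess from the SBOM."""
    findings, unidentified = [], []
    for comp in load_components(sbom_json):
        purl = comp.get("purl")
        if not purl:
            unidentified.append(comp.get("name", "<unnamed>"))
            continue
        key, version = parse_purl(purl)
        if version is None:
            unidentified.append(comp.get("name", key))
            continue
        for adv in advisories:
            if adv["package"] == key and is_affected(version, adv["introduced"], adv.get("fixed")):
                findings.append((adv["id"], key, version, adv.get("fixed")))
    return findings, unidentified


if __name__ == "__main__":
    found, unknown = check_sbom(SBOM_JSON, ADVISORIES)
    for adv_id, pkg, ver, fixed in found:
        print(f"{adv_id}: {pkg}@{ver} affected, fixed in {fixed or 'no fix available'}")
    for name in unknown:
        print(f"cannot assess {name}: no package URL or version in the SBOM")
```

Running it flags the two affected components and lists the unidentifiable one; in practice that third bucket is where an SBOM produced from an opaque build ends up, and it deserves as much attention as the matches.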
