1. https://appdevelopermagazine.com/security
  2. https://appdevelopermagazine.com/sbom-mandate-to-improve-cybersecurity-in-the-us/
3/17/2023 10:52:08 AM
SBOM mandate to improve cybersecurity in the US
SBOM,Cybersecurity,Attacks,Intelligent Cybersecurity,Software Based Security
/SBOM-mandate-to-improve-cybersecurity-in-the-US-App-Developer-Magazine_aqzqvsa3.jpg
App Developer Magazine

Security

SBOM mandate to improve cybersecurity in the US


Friday, March 17, 2023

Austin Harris Austin Harris

Cybersecurity attacks have become all too commonplace in the government and private sectors. A recent presidential executive order seeks to minimize the cyber threats to national security by mandating that all software developers that contract with the Federal Government provide an (SBOM).

The number of cyberattacks waged against government sectors worldwide increased by 95% in the second half of 2022 compared to the same time period in 2021. (1) The global cost of cyberattacks is expected to grow exponentially from $8.44 trillion in 2022 to $23.84 trillion by 2027. (2) To support the nation’s critical infrastructure and Federal Government networks, the White House issued Executive Order 14028, “Improving the Nation’s Cybersecurity” in May 2021. (3) The EO defines the security measures that must be followed by any software publisher or developer that does business with the Federal Government. One of these measures requires all software developers to provide a Software Bill of Materials (SBOM), a complete inventory list of components and libraries that comprise a software application. Walt Szablowski, Founder and Executive Chairman of Eracent, which has provided complete visibility into its large enterprise clients’ networks for over two decades, observes, "SBOMs are meaningless unless they are part of a larger strategy that identifies risks and vulnerabilities across the software supply chain management system."

The National Telecommunications and Information Administration (NTIA) defines a Software Bill of Materials as "a complete, formally structured list of components, libraries, and modules that are required to build a given piece of software and the supply chain relationships between them." (4) The U.S. is especially vulnerable to cyberattacks because much of its infrastructure is controlled by private companies who may not be equipped with the level of security necessary to thwart an attack. (5) The key benefit of SBOMs is that they enable organizations to identify whether any of the components that make up a software application may have a vulnerability that can create a security risk.

The Government's Software Bill of Materials (SBOM) mandate is part of a bigger cybersecurity picture

While U.S. government agencies will be mandated to adopt SBOMs, commercial companies would clearly benefit from this extra level of security. As of 2022, the average cost of a data breach in the U.S. is $9.44 million, with a global average of $4.35 million. (6) According to a Government Accountability Office (GAO) report, the Federal Government runs three legacy technology systems dating back five decades. The GAO warned that these outdated systems increase security vulnerabilities and frequently run on hardware and software that is no longer supported. (7)

"There are two key aspects that every organization will have to address when using SBOMs. First, they must have a tool that can quickly read all of the details in an SBOM, match the results to known vulnerability data, and provide heads-up reporting. Second, they must be able to establish an automated, proactive process to stay on top of SBOM-related activity and all of the unique mitigation options and processes for each component or software application," explained Szablowski.

Eracent’s cutting-edge Intelligent Cybersecurity Platform (ICSP) Cyber Supply Chain Risk Management (C-SCRM) module is unique in that it supports both of these aspects to provide an additional, critical level of protection to minimize software-based security risks. This is essential when initiating a proactive, automated SBOM program. The ICSP C-SCRM offers comprehensive protection with instant visibility to mitigate any component-level vulnerabilities. It recognizes obsolete components that can also increase security risk. The process automatically reads the itemized details within the SBOM and matches each listed component to the most up-to-date vulnerability data using Eracent’s IT-Pedia IT Product Data Library, a single, authoritative source for essential data concerning millions of IT hardware and software products."

SBOM mandate to improve cybersecurity in the US


Maximizing the benefits of SBOMs requires Supply Chain Risk Management

Maximizing the benefits of SBOMs requires Supply Chain Risk Management

Walt Szablowski, Founder and Executive Chairman of Eracent, cautions all software users that maximizing the benefits of SBOMs requires Supply Chain Risk Management that uses a consolidated and proactive approach to mitigating software vulnerabilities.

A vast majority of commercial and custom applications contain open-source code. Standard vulnerability analysis tools do not scrutinize individual open-source components within applications. However, any one of these components may contain vulnerabilities or obsolete components, increasing software susceptibility to cybersecurity breaches.

"Most tools let you create or analyze SBOMs, but they are not taking a consolidated, proactive management approach - structure, automation, and reporting. Companies need to understand the risks that may exist in the software they use, whether open-source or proprietary. And software publishers need to understand the potential risks inherent in the products they offer. Organizations need to fortify their cybersecurity with the enhanced level of protection Eracent’s ICSP C-SCRM system delivers," noted Szablowski.






Subscribe to App Developer Magazine

Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.

MEMBERS GET ACCESS TO

  • - Exclusive content from leaders in the industry
  • - Q&A articles from industry leaders
  • - Tips and tricks from the most successful developers weekly
  • - Monthly issues, including all 90+ back-issues since 2012
  • - Event discounts and early-bird signups
  • - Gain insight from top achievers in the app store
  • - Learn what tools to use, what SDK's to use, and more

    Subscribe here



Stay Updated

Sign up for our newsletter for the headlines delivered to you

SuccessFull SignUp

Featured Stories


AI Executive Order aims to balance security and innovation
AI Executive Order aims to balance security and innovation Monday, June 29, 2026


Top manufacturing trends for 2026
Top manufacturing trends for 2026 Tuesday, June 23, 2026




API scoring tool shows if your API is ready for AI
API scoring tool shows if your API is ready for AI Monday, June 22, 2026


Agentic AI Reality Check: The Million-Dollar Mistake Hiding Inside ERP
Agentic AI Reality Check: The Million-Dollar Mistake Hiding Inside ERP Friday, June 19, 2026


Influencer Debate AI Anthropic IPO Reveals Industry Concerns
Influencer Debate AI Anthropic IPO Reveals Industry Concerns Wednesday, June 17, 2026


Subscription apps are losing users faster than ever
Subscription apps are losing users faster than ever Tuesday, June 16, 2026


DomainTools announces real time threat feeds
DomainTools announces real time threat feeds Monday, June 15, 2026


Take It Down Act results in warning letters from FTC
Take It Down Act results in warning letters from FTC Friday, June 12, 2026


Nvidia valuation fears grow
Nvidia valuation fears grow Friday, June 12, 2026


Anthropic launches Claude Design
Anthropic launches Claude Design Wednesday, June 10, 2026


Get More App News