Demonstrating Transparency through Software Bill of Materials (SBOM)

by The Novum Times
9 August 2023
in Business


Cisco is proud to announce the general availability of an entirely new capability in the software industry and a first for Cisco: the distribution of SPDX-formatted Software Bills of Materials (SBOMs). SBOMs are a crucial step forward in providing visibility and, ultimately, greater resilience across the entire software supply chain. As of June 2023, most customers and partners can request an SBOM for any supported on-premise Cisco software released after September 2021.

I have blogged about Cisco's commitment to transparency, specifically our support for SBOMs and our desire to collaborate across the software community to build the next generation of transparency. Today, Cisco stands ready to distribute SBOMs. This comes before other large technology vendors, ahead of the forthcoming government mandates, to customers outside of the public sector, and in a standardized, machine-readable format. Considering the shared complexities across the software industry, this is an important moment to recognize in our march toward software transparency that reduces risk.

The idea of an SBOM is deceptively simple: a machine-readable data format for organizing metadata describing the composition of software artifacts. SBOMs document the third-party software components contained in a downloadable software image. Cisco customers can download and use software in many ways, including client applications that run on end-user devices (e.g., Cisco Secure Client with AnyConnect), hardware-based appliances with applications running on Cisco-maintained operating systems (e.g., Identity Services Engine), virtualized applications that run in customers' data centers or public cloud environments (e.g., Intersight), and network operating systems that power Cisco routers, switches, and firewalls (e.g., IOS XE, IOS XR, Nexus OS, FTD). The pervasiveness and scale of software across networks, combined with decades of software evolution, highlight the incredible complexity that SBOMs are attempting to overcome.

The novelty of SBOMs is in standardizing how dependency metadata is documented; Cisco can make software dependency information that was previously used only internally useful to customers and organizations beyond Cisco. Sharing SBOMs across organizational boundaries provides customers with visibility into a software vendor's upstream dependencies. Distributing SBOMs to our customers and partners underscores Cisco's commitment to software transparency that both improves software supply chain resiliency and reduces cascading risk.

I often describe the software supply chain graph to illustrate the complexities that make documenting SBOMs an intricate problem shared across the software industry. Several factors have contributed to Cisco's ability to deliver on this commitment, which we believe will help your organization to adopt SBOMs:

Strong Foundation: For more than a decade, an internal ecosystem of tools and processes has managed Cisco's third-party software. At Cisco, SBOM requirements are part of the Cisco Secure Development Lifecycle policy. Start by defining your internal policies for third-party software risk management and compliance.
Standardized Approach: Cisco supports the development of SBOM-related standards, including SPDX, CSAF, and OmniBOR. We have improved internal tools supporting these external standards and have set internal standards to ensure quality and consistency in the SBOMs we distribute. Start by defining the process you will use across your organization; at Cisco we refer to this as the SBOM workflow.
Centralized Services: New investments across Cisco have enabled the centralized development of capabilities that any engineering team can use to reduce duplication of SBOM tools and services and to accelerate SBOM adoption. Start by identifying the distinct types of software your organization distributes and creating requirements for centralized services to support all your software distribution types.
Unified Commitment: A collaborative rollout of SBOMs across multiple engineering organizations at Cisco underscores our focus on meeting our customers' needs. Start by gaining support from organizational leaders; at Cisco we regularly communicate updates to engineering and security leaders.

While this is a significant step forward, the industry is early in this SBOM journey, and at Cisco we continue to identify areas to improve. To accelerate adoption, SBOMs must be natural byproducts of the software build process. Software build environments are the manufacturing lines for products. Breaking the build process by instrumenting new tools or updating libraries can have significant economic repercussions. It will take time for SBOM tooling to become stable, scalable, and available across programming languages, version control systems, compilers and linkers, CI/CD and pipeline automation tools, and packaging ecosystems. General availability of these tools is necessary to minimize human intervention as we aim to improve the accuracy and completeness of SBOMs.

Additional work in standardizing the distribution, consumption, and analysis of SBOMs alongside other datasets is also necessary. We welcome your comments and encourage you to consider the following two questions:

How are you adopting SBOMs in your organization?
What is your biggest priority as SBOMs continue to gain traction?

Learn more about SBOMs at Cisco.
