Software inventories may give hackers ‘clearer route for attacks’

Industry experts warn that US calls for a more comprehensive software bill of materials (SBOM) framework could potentially help threat actors wage targeted attacks against software providers by providing them with more information. An SBOM is an inventory of the elements that constitute a specific software. While experts generally support SBOMs to boost supply chain protections, they caution against excessive regulation scope. For instance, revealing the entire SBOM might provide adversaries with insights into the elements they should target. SBOMs were introduced in 2010 to enhance secure software development and manage supply chain risk.