IBM Contributes Supply Chain Security Tools to OWASP

IBM has donated two open source supply chain tools, SBOM Utility and License Scanner, to the Open Worldwide Application Security Project (OWASP) Foundation’s CycloneDX Software Bill of Materials (SBOM) standard. The tools address two key shortcomings in CycloneDX, a full-stack BOM standard that provides advanced supply chain risk mitigation. The contribution follows a rise in supply chain attacks and the discovery of a vulnerability in the Log4j library, both of which underscored the need for organizations to know which components and dependencies are used in their software.