www.cbts.com
141.193.213.11
Public Scan
Submitted URL: https://go.cbts.com/e3t/Ctc/R+113/ckVnF04/VW9KR364VfFLW3MjZfq486vW2W97gBTk4YQlLPN6L2Zsk7lkspV5X_Kf7CgG42W3y3Qxr3bk5G...
Effective URL: https://www.cbts.com/blog/software-bill-of-materials-sboms-what-is-it-good-for/?utm_id=1111%20Re-engagement&utm_term=...
Submission: On April 03 via api from US — Scanned from DE
Form analysis
1 forms found in the DOM
POST https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2815054/58a24c47-1946-4cdd-aaa1-8564ef95e51f
<form id="hsForm_58a24c47-1946-4cdd-aaa1-8564ef95e51f" method="POST" accept-charset="UTF-8" enctype="multipart/form-data" novalidate=""
action="https://forms.hsforms.com/submissions/v3/public/submit/formsnext/multipart/2815054/58a24c47-1946-4cdd-aaa1-8564ef95e51f"
class="hs-form-private hsForm_58a24c47-1946-4cdd-aaa1-8564ef95e51f hs-form-58a24c47-1946-4cdd-aaa1-8564ef95e51f hs-form-58a24c47-1946-4cdd-aaa1-8564ef95e51f_3a6fb9bc-83d1-4882-a2e8-be44967924d8 hs-form stacked"
target="target_iframe_58a24c47-1946-4cdd-aaa1-8564ef95e51f" data-instance-id="3a6fb9bc-83d1-4882-a2e8-be44967924d8" data-form-id="58a24c47-1946-4cdd-aaa1-8564ef95e51f" data-portal-id="2815054">
<div class="hs_email hs-email hs-fieldtype-text field hs-form-field"><label id="label-email-58a24c47-1946-4cdd-aaa1-8564ef95e51f" class="" placeholder="Enter your Email" for="email-58a24c47-1946-4cdd-aaa1-8564ef95e51f"><span>Email</span><span
class="hs-form-required">*</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input id="email-58a24c47-1946-4cdd-aaa1-8564ef95e51f" name="email" required="" placeholder="Your email here" type="email" class="hs-input" inputmode="email" autocomplete="email" value=""></div>
</div>
<div class="hs_domain__c hs-domain__c hs-fieldtype-text field hs-form-field" style="display: none;"><label id="label-domain__c-58a24c47-1946-4cdd-aaa1-8564ef95e51f" class="" placeholder="Enter your Domain"
for="domain__c-58a24c47-1946-4cdd-aaa1-8564ef95e51f"><span>Domain</span></label>
<legend class="hs-field-desc" style="display: none;"></legend>
<div class="input"><input name="domain__c" class="hs-input" type="hidden" value="cbts.com"></div>
</div>
<div class="legal-consent-container">
<div class="hs-richtext">
<p>CBTS uses the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. Click here to visit our
<strong><a href="https://www.cbts.com/privacy-policy/">Privacy Policy</a></strong>.</p>
</div>
</div>
<div class="hs_submit hs-submit">
<div class="hs-field-desc" style="display: none;"></div>
<div class="actions"><input type="submit" class="hs-button primary large" value="Submit"></div>
</div><iframe name="target_iframe_58a24c47-1946-4cdd-aaa1-8564ef95e51f" style="display: none;"></iframe>
</form>
Text Content
SOFTWARE BILL OF MATERIALS (SBOMS): WHAT IS IT GOOD FOR?

October 6, 2022

Ryan Hamrick, Security Consulting Manager

Absolutely EVERYTHING!

A software bill of materials lists the components used to build an application.

As an attack vector, the computer supply chain is an attractive one, and attacks on it continue to rise. Most people view a supply chain attack as something that affects only hardware. A typical scenario would involve a malicious actor working in a factory. This bad actor installs chips into the hardware that allow some kind of remote access once the system is booted or, alternatively, pre-installs malware on a hard drive before the computer ships. But these days this can also include a “software” supply chain.

The hardware world has long had a complete list of components shipped as part of a system delivery, known as a “Bill of Materials.” This BOM provides the customer with a detailed inventory of all the parts and pieces of a box, usually down to the types of memory installed, the processor model, everything. On rare occasions, this would include at least a starting firmware/software version, whatever the OEM put into the system itself.

A software bill of materials (SBOM) is the software equivalent of the hardware version: a list of all the components used to build an application, including any open-source or commercial components in addition to whatever code is original to the vendor. SBOMs, though, have not been quite as standard as their hardware counterparts.

Read more: How do you ensure the security of your supply chain?

WHY IS A SOFTWARE BILL OF MATERIALS IMPORTANT?

Not surprisingly, the information in a bill of materials can help determine how to fix something on whatever system the BOM refers to. On the hardware side, serial numbers, component specifics, and overall product identification numbers are essential when replacing a hard drive, motherboard, memory module, or any other hardware item.

Think of a software bill of materials (SBOM) in the same context. Wouldn’t it be simpler to fix a software bug if you had a list of all the additional software components in an application? Wouldn’t you sleep better at night knowing that your application consumes a specific Python library for input and output? What about your logging components? And—I’m just spitballing here—wouldn’t it be great to know for sure that you didn’t have a vulnerable version of a logging component for some, oh, I don’t know, web server like Apache? Yeah, I know: it seems so far-fetched that something like that would ever be a threat, right?

Not only is it important to know where your software comes from, it’s also important to know what software components and shared libraries you have running on your devices or inside your applications. That’s where the concept of a software bill of materials comes into play. With an inventory of all the software components used in an application or on a deployed device, your organization can finally figure out if you use Open Source Software library A, or custom software library B, and then which asset has which version! Certainly, that would make those late-night calls over winter vacation much easier to take, as the answer to the question “do we run this?” would be right at your fingertips!

More on avoiding late-night, vacation-time emergencies: Improve your cybersecurity defense with centralized logging, continued: A deeper dive!

AREN’T SOFTWARE BILLS OF MATERIALS ALREADY STANDARD PROCEDURE?

Unfortunately, no. The good news is that the National Telecommunications and Information Administration (NTIA) has been thinking about this concept since 2018! They’ve put together a site for practitioners to use and learn about SBOMs, and have written up some FAQs and consumable documents that help guide anyone new to this concept. Additionally, the Cybersecurity and Infrastructure Security Agency (CISA) has created weekly workstream meetings, organized by topic, to share information with anyone interested. You can find the workstream events listed here.

WHAT TO DO IN THE MEANTIME

Ultimately, either generating your own software bills of materials or asking your vendors to supply them will substantially increase your ability as an organization to answer those age-old questions:

1. Are we vulnerable to this new zero-day vulnerability?
2. Where exactly are we vulnerable to it?

If you find yourself needing to create the SBOM yourself, be sure to visit that NTIA site, which also offers guides to creating SBOMs, evaluating the many online resources to help you out, and dispelling misconceptions about SBOMs (for example, they are not really a roadmap for hackers; the benefits to you are far greater than to a hacker who has so many other exploits available).

Taking time and care to catalog your software components correctly (and update that catalog frequently!) will help you and your leadership sleep better at night. For the most part.

Sleep even better with help from our security team! Contact us today with your security needs.

Read up on things you can do right now to strengthen your security posture:

* Why should you do information security awareness and training?
* Car parts and cybersecurity: what is Google dorking?
* The value of phishing simulation in a strong security program
* Improve your cybersecurity defense with centralized logging