CISA: CISA Releases Two SBOM Documents

cisa logo 002

CISA Releases Two SBOM Documents


Today, CISA released two community-drafted documents around Software Bill of Materials (SBOM): Types of SBOM documents and Minimum Requirements for Vulnerability Exploitability eXchange (VEX). 

The Types of SBOM document summarizes common types of SBOMs that tools may create in the industry today, along with the data typically presented for each type of SBOM. As software goes from planning to source to build to deployed and used, tools may be able to detect subtle differences in the underlying components. These types will allow for better differentiation of tools and in the broader marketplace.

The Minimum Requirements for VEX document specifies the minimum elements to create a VEX document. This will allow interoperability between different implementations and data formats of VEX. It will also help promote integration of VEX into novel and existing security tools. This document also specifies some optional VEX elements.

Led by CISA, both publications were debated and drafted by a community of industry and government experts with the goal to offer some common guidance and structure for the large and growing global SBOM community.
 

 


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

join
Telegram
discord
Discord
reddit
Reddit
linkedin
LinkedIn