Software Bill of Materials (SBOM)

This document, further defines and clarifies SBOM Attributes from the 2021 Framing Software Component Transparency document, offering descriptions of the minimum expected, recommended practices, and aspirational goal for each Attribute.

This guide provides information on the benefits of SBOM, common misconceptions and concerns, creation of an SBOM, distributing and sharing an SBOM, and role specific guidance.

View information about the upcoming SBOM-a-Rama September 11-12, 2024.

Acknowledging key differences between SaaS and non-SaaS software, this paper discusses the value of SBOM-driven transparency for SaaS and offers recommendations for advancing transparency in SaaS software.

This document provides examples of how software bill of materials (SBOM) can be shared between different actors across the software supply chain. The examples demonstrate SBOM sharing methods currently in use, ranging from proprietary software vendor

Building on the SBOM Sharing Lifecycle Report, this document defines the three roles (SBOM Author, SBOM Consumer, and SBOM Distributor) of the SBOM sharing lifecycle and the factors they should keep in mind or be aware of when engaging in the three p

Software producers, such as product manufacturers and integrators, often need to assemble and test a set of products together before delivering to their customers. This set of products may contain components that undergo version changes over time and

This document seeks to explain the circumstances and events that could lead an entity to issue Vulnerability Exploitability eXchange (VEX) information and describes the entities that create or consume VEX information. Whether, and when, to issue VEX