SBOM FAQ

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock () or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

This guide provides information on the benefits of SBOM, common misconceptions and concerns, creation of an SBOM, distributing and sharing an SBOM, and role specific guidance. Also, the document provides information on SBOM related efforts, such as Vulnerability Exploitability eXchange (VEX), OpenC2, and digital bill of materials (DBOM).

SBOM FAQ 2024.pdf (PDF, 212.88 KB )

Tags

SBOM Sharing Roles and Considerations

SBOM-a-Rama February 2024 Session Presentations

Secure Software Development Attestation Form

SBOM Listening Sessions 2022