SBOM (Software Bill of Materials)
An SBOM is a formal inventory of all software components and dependencies in an application — similar to an ingredient list. SBOMs are used to rapidly identify which systems are affected when a vulnerability (like Log4Shell) is discovered in a common dependency.
Frequently Asked Questions
How is SBOM (Software Bill of Materials) related to CVE (Common Vulnerabilities and Exposures)?
SBOM (Software Bill of Materials) and CVE (Common Vulnerabilities and Exposures) are both key concepts in threat intelligence. CVE is a public catalogue of known cybersecurity vulnerabilities, maintained by MITRE and sponsored by CISA. Each entry has a unique CVE ID (e.g., CVE-2024-12345), a description, and references. CVE IDs are the universal language for tracking and patching specific vulnerabilities. The two fit together at the matching step: a CVE record names the affected component and versions, and an SBOM lists the components and versions a system actually ships, so comparing the two shows which systems need patching.
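The following is an added example, not code from the original page, illustrating both the SBOM definition above and the SBOM-to-CVE matching step. It parses a few constructed CycloneDX-style SBOM documents (only the fields needed here, not full spec-conformant files), takes a constructed vulnerability record whose CVE ID, package URL and version range are placeholders, and reports which systems ship an affected version of the named dependency. The version comparator is deliberately simple and is an assumption of the example; real matching should use an ecosystem-aware comparator.

```python
"""Match constructed SBOM inventories against a vulnerability record.

Added example: the SBOMs, the vulnerability record and the package names
are all constructed for illustration.
"""
import json
from typing import Dict, List, Tuple

# Constructed SBOM documents, one per deployed system (CycloneDX-style
# fields only). Each component carries a package URL (purl) with its version.
SBOM_DOCUMENTS = {
    "payments-api": """{
      "bomFormat": "CycloneDX", "specVersion": "1.5",
      "components": [
        {"name": "logging-core", "version": "2.14.1",
         "purl": "pkg:maven/com.example/logging-core@2.14.1"},
        {"name": "http-client", "version": "4.5.13",
         "purl": "pkg:maven/com.example/http-client@4.5.13"}
      ]}""",
    "inventory-service": """{
      "bomFormat": "CycloneDX", "specVersion": "1.5",
      "components": [
        {"name": "logging-core", "version": "2.17.1",
         "purl": "pkg:maven/com.example/logging-core@2.17.1"}
      ]}""",
    "reporting-batch": """{
      "bomFormat": "CycloneDX", "specVersion": "1.5",
      "components": [
        {"name": "logging-core", "version": "2.0.0",
         "purl": "pkg:maven/com.example/logging-core@2.0.0"},
        {"name": "logging-core", "version": "2.16.0",
         "purl": "pkg:maven/com.example/logging-core@2.16.0"}
      ]}""",
}

# Constructed vulnerability record. The CVE-style ID is the page's own
# placeholder format; the package and version range are invented.
VULNERABILITY = {
    "id": "CVE-2024-12345",
    "package": "pkg:maven/com.example/logging-core",
    "introduced": "2.0.0",  # first affected version (inclusive)
    "fixed": "2.17.0",      # first fixed version (exclusive)
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn a dotted numeric version into a comparable tuple.

    Only the leading digits of each dotted piece are kept, so '2.14.1-rc1'
    becomes (2, 14, 1). This is sufficient for the constructed data but is
    not a substitute for an ecosystem-aware version comparator.
    """
    parts = []
    for piece in version.split("."):
        num = ""
        for ch in piece:
            if not ch.isdigit():
                break
            num += ch
        parts.append(int(num) if num else 0)
    return tuple(parts)


def split_purl(purl: str) -> Tuple[str, str]:
    """Split 'pkg:type/namespace/name@version' into (package, version)."""
    base, _, version = purl.partition("@")
    return base, version


def is_affected(version: str, introduced: str, fixed: str) -> bool:
    """True when introduced <= version < fixed under the tuple comparator."""
    v = parse_version(version)
    return parse_version(introduced) <= v < parse_version(fixed)


def find_affected_systems(sbom_documents: Dict[str, str],
                          vuln: dict) -> Dict[str, List[str]]:
    """Return {system: [affected versions]} for every SBOM whose inventory
    contains a vulnerable version of the package named in the record."""
    hits: Dict[str, List[str]] = {}
    for system, doc in sbom_documents.items():
        bom = json.loads(doc)
        for component in bom.get("components", []):
            purl = component.get("purl", "")
            if not purl:
                continue  # components without a purl cannot be matched
            package, version = split_purl(purl)
            if package == vuln["package"] and is_affected(
                    version, vuln["introduced"], vuln["fixed"]):
                hits.setdefault(system, []).append(version)
    return hits


if __name__ == "__main__":
    affected = find_affected_systems(SBOM_DOCUMENTS, VULNERABILITY)
    for system, versions in sorted(affected.items()):
        print(f"{VULNERABILITY['id']}: {system} ships {', '.join(versions)}")
```

Note that reporting-batch is reported twice for the same package because it ships two versions (a common sign of a transitive dependency pulled in along two paths), while inventory-service is cleared because its version sits at or above the fixed release; an SBOM that omits the purl field for a component cannot be matched at all, which is why purl coverage is worth checking when generating SBOMs.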