A “software bill of materials” (SBOM) has emerged as a key building block in software security and software supply chain risk management. An SBOM is a nested inventory, a list of ingredients that make up software components. While not a brand new concept, the ideas and implementation have advanced since 2018 through a number of collaborative community effort, including National Telecommunications and Information Administration’s (NTIA) multistakeholder process.
