What’s new: CISA has released a draft guide for the Minimum Elements for a Software Bill of Materials (SBOM) for public comment. This updated guide reflects advancements in SBOM practices since the 2021 publication, incorporating new elements such as component hash, license, tool name, and generation context. The public comment period is open until October 3, 2025.
Who’s affected
Federal agencies, software manufacturers, and organizations involved in software supply chains are directly impacted by the updated SBOM guidelines, which aim to enhance transparency and security in software components.
What to do
- Review the draft SBOM Minimum Elements and provide feedback during the public comment period, which ends on October 3, 2025.
- Stay informed about evolving SBOM practices and consider how they can be integrated into your organization’s software security strategy.