Developing and Using a Software Bill of Materials Framework

With the increasing complexity of software systems, the use of third-party components has become a widespread practice. Cyber disruptions, such as SolarWinds and Log4j, demonstrate the harm that can occur when organizations fail to manage third-party components in their software systems. In this podcast from the Carnegie Mellon University Software Engineering Institute, Carol Woody, principal researcher, and Michael Bandor, a senior software engineer, discuss a Software Bill of Materials (SBOMs) framework to help promote the use of SBOMs and establish …

bill can carnegie mellon carnegie mellon university complexity components cyber disruptions engineering fail framework harm log4j manage materials mellon organizations party podcast practice sboms software software bill of materials software engineering software systems solarwinds systems third third-party university vulnerabilities