A presentation at Bsides Bangalore in in Bengaluru, Karnataka, India by Anant Shrivastava
Software Bill of Materials (SBoM) has rapidly become a prominent topic in the security world over the past few months. From 2021 to 2024, the industry’s engagement with SBoMs raises critical questions: Are we fully leveraging their potential? Are efforts being made to create SBoMs in the first place? A frequent topic of debate is whether an SBoM should remain confidential or be shared—should it be protected, or openly accessible?
On one hand, SBoMs represent a revolutionary approach to maintaining software inventories, potentially simplifying the management of digital assets. However, there is a concern that the inclusion of infrastructure and additional elements complicates matters, transitioning from KBom, to Cbom, to Xbom. Is this merely an overenthusiastic expansion, or is there a genuine necessity for these variations?
Conversely, there are arguments that SBoMs represent an excessive investment with minimal returns, particularly when organizational strategies and codebases are subject to frequent changes, leading to uncertainties in their long-term utility.
Moreover, while SBoMs are typically discussed in the context of security, this presentation will explore other potential applications. By addressing these points, the presentation aims to clarify the current and future roles of SBoMs in the industry.