Acquisition Security Framework (ASF): Informing Software Bill of Materials (SBOM) Use Cases and Risk Reduction
Carol Woody (Software Engineering Institute)
Keywords
software supply chain risk; software bill of materials (SBOM); cybersecurity risk management
Abstract
Systems are increasingly reliant on software, and in many cases the components that make up acquired software are unknown to the acquirer. The SEI has developed an Acquisition Security Framework (ASF), a set of practices needed across the supply chain to begin reducing this risk. The SEI SBOM Framework, derived from the ASF, compiles a set of leading practices for building an SBOM and for using it to support risk reduction. This presentation describes both frameworks.