Beyond the SBOM: What CISOs should know about CBOMs and HBOMs

<p>Heartbleed, SolarWinds and Log4j are the stuff of CISOs’ nightmares. As security leaders know all too well, each of these high-profile incidents exposed serious weaknesses in software supply chain security: a flaw or compromise in one widely used component turned into an exposure for every organization that depended on it.</p>
<p>Rising <a href="https://www.techtarget.com/searchsecurity/tip/How-to-create-a-third-party-risk-management-policy">awareness of third-party risk</a> has led to a surge of interest in the <a href="https://www.techtarget.com/whatis/definition/software-bill-of-materials-SBOM">SBOM</a>. Often compared to ingredient lists on packaged food, SBOMs provide security teams with information about the components in their software, helping them identify supply chain vulnerabilities and risks.</p>
<p>But the SBOM isn’t the only bill of materials that CISOs should consider for third-party risk management. This article introduces two important, adjacent concepts — the cryptographic bill of materials (CBOM) and the hardware bill of materials (HBOM) — as well as the types of organizations that need them, their key components and best practices for creating them.</p>
<section class="section main-article-chapter" data-menu-title="What CISOs should know about CBOMs">
<h2 class="section-title"><i class="icon" data-icon="1"></i>What CISOs should know about CBOMs</h2>
<p>A CBOM extends the SBOM with an inventory of the cryptographic assets in use across infrastructure, services and software: the algorithms, keys, certificates and protocols, and which components depend on them. A CBOM helps security engineers understand their cryptographic estate, manage cryptographic risk and demonstrate compliance.</p>
<p>CBOMs also support <a href="https://www.techtarget.com/searchenterpriseai/definition/crypto-agility">crypto-agility</a> and <a href="https://www.techtarget.com/searchsecurity/feature/How-to-prepare-for-post-quantum-computing-security">post-quantum cryptography</a> migrations. The inventory shows where classical public-key cryptography such as RSA and elliptic-curve algorithms is still in use, and gives teams a way to scope the migration and track its progress asset by asset.</p>
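<p>The following is an added example, not code from the article or from any CBOM tool, showing how a CBOM turns "where is classical cryptography in use?" into a concrete migration scope. It reads a constructed CycloneDX-1.6-style CBOM fragment, classifies each algorithm as broken by Shor's algorithm (RSA, ECDH and similar public-key primitives), weakened by Grover's algorithm (symmetric keys and digests under 256 bits) or acceptable, then walks the dependency graph so that each application is reported with the assets it transitively relies on. The field names (component type <code>cryptographic-asset</code>, <code>cryptoProperties.assetType</code>, <code>algorithmProperties.primitive</code> and <code>parameterSetIdentifier</code>, <code>certificateProperties.signatureAlgorithmRef</code>) follow the CycloneDX cryptographic-asset schema as recalled here and are an assumption to check against the published schema before running this on real BOMs; the sample BOM and the <code>payments-api</code> service in it are invented.</p>

```python
"""Scope a post-quantum migration from a CBOM.

Added example, not code from the TechTarget article or from any CBOM
tool.  The input is a constructed CycloneDX-1.6-style CBOM fragment; the
field names follow the CycloneDX cryptographic-asset schema as recalled
here and are an assumption to verify against the published schema.
"""
import json
import re
from typing import Dict, List, Optional

# Constructed sample BOM: one service, its TLS certificate and the
# algorithms it depends on.  Not taken from any real product.
SAMPLE_CBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "components": [
        {"type": "application", "name": "payments-api", "bom-ref": "app:payments-api"},
        {"type": "cryptographic-asset", "name": "RSA-2048", "bom-ref": "alg:rsa-2048",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "pke", "parameterSetIdentifier": "2048"}}},
        {"type": "cryptographic-asset", "name": "ECDH-P256", "bom-ref": "alg:ecdh-p256",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "key-agree", "parameterSetIdentifier": "P-256"}}},
        {"type": "cryptographic-asset", "name": "AES-128-GCM", "bom-ref": "alg:aes-128-gcm",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "ae", "parameterSetIdentifier": "128"}}},
        {"type": "cryptographic-asset", "name": "SHA-256", "bom-ref": "alg:sha-256",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "hash", "parameterSetIdentifier": "256"}}},
        {"type": "cryptographic-asset", "name": "ML-KEM-768", "bom-ref": "alg:ml-kem-768",
         "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": {
             "primitive": "kem", "parameterSetIdentifier": "768"}}},
        {"type": "cryptographic-asset", "name": "payments TLS certificate", "bom-ref": "cert:payments",
         "cryptoProperties": {"assetType": "certificate", "certificateProperties": {
             "signatureAlgorithmRef": "alg:rsa-2048"}}},
    ],
    "dependencies": [
        {"ref": "app:payments-api", "dependsOn": [
            "cert:payments", "alg:ecdh-p256", "alg:aes-128-gcm", "alg:sha-256", "alg:ml-kem-768"]},
    ],
})

# Asymmetric primitives built on factoring or discrete logs: Shor's
# algorithm breaks them outright, so they must be replaced, not resized.
SHOR_BROKEN = {"pke", "signature", "key-agree", "kem"}
# Symmetric and hash primitives: Grover's algorithm roughly halves their
# security, so anything under 256 bits is flagged for an upgrade.
GROVER_WEAKENED = {"ae", "block-cipher", "stream-cipher", "hash", "mac", "kdf"}
# Post-quantum families treated as safe (NIST FIPS 203, 204 and 205).
PQ_SAFE_PREFIXES = ("ML-KEM", "ML-DSA", "SLH-DSA")


def _bits(param: Optional[str]) -> Optional[int]:
    """Pull the key or digest size out of an identifier like '2048' or 'P-256'."""
    m = re.search(r"\d+", param or "")
    return int(m.group()) if m else None


def classify(component: dict) -> str:
    """Return 'quantum-vulnerable', 'weakened', 'ok' or 'n/a' for one component."""
    props = component.get("cryptoProperties", {})
    if component.get("type") != "cryptographic-asset" or props.get("assetType") != "algorithm":
        return "n/a"  # certificates, keys and protocols are scoped through their algorithms
    if component.get("name", "").upper().startswith(PQ_SAFE_PREFIXES):
        return "ok"
    alg = props.get("algorithmProperties", {})
    primitive = alg.get("primitive")
    if primitive in SHOR_BROKEN:
        return "quantum-vulnerable"
    size = _bits(alg.get("parameterSetIdentifier"))
    if primitive in GROVER_WEAKENED and size is not None and size < 256:
        return "weakened"
    return "ok"


def migration_scope(cbom_json: str) -> Dict[str, Dict[str, List[str]]]:
    """For every non-crypto component, list the crypto assets it transitively
    depends on, grouped by verdict.  That list is the PQC migration scope."""
    bom = json.loads(cbom_json)
    by_ref = {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}
    deps = {d["ref"]: list(d.get("dependsOn", [])) for d in bom.get("dependencies", [])}
    for ref, c in by_ref.items():
        # A certificate names its signature algorithm directly; follow that
        # link too so the scope is right even without a dependency entry.
        sig = c.get("cryptoProperties", {}).get("certificateProperties", {}).get("signatureAlgorithmRef")
        if sig:
            deps.setdefault(ref, []).append(sig)
    verdicts = {ref: classify(c) for ref, c in by_ref.items()}
    report: Dict[str, Dict[str, List[str]]] = {}
    for ref, comp in by_ref.items():
        if comp.get("type") == "cryptographic-asset":
            continue
        seen, stack = set(), list(deps.get(ref, []))
        while stack:  # transitive closure over the dependency graph
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            stack.extend(deps.get(r, []))
        buckets: Dict[str, List[str]] = {"quantum-vulnerable": [], "weakened": [], "ok": []}
        for r in sorted(seen):
            if verdicts.get(r) in buckets:
                buckets[verdicts[r]].append(by_ref[r]["name"])
        report[comp["name"]] = buckets
    return report


if __name__ == "__main__":
    print(json.dumps(migration_scope(SAMPLE_CBOM), indent=2))
```

<p>Run against the sample, the report shows that <code>payments-api</code> depends on RSA-2048 only through its certificate, which is exactly the kind of indirect dependency a flat list of libraries would miss; the same traversal is what lets a team track progress as vulnerable assets are replaced and the CBOM is regenerated.</p>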
<h3>Who needs CBOMs</h3>
<p>Any organization with systems that use cryptography can benefit from the use of CBOMs in supply chain risk management. In other words, it’s the rare company that should <i>not</i>&nbsp;consider using CBOMs.</p>
<h3>Key components of a CBOM</h3>
<p>In its most basic fo


This article has been indexed from Search Security Resources and Information from TechTarget
