Future Use of SCAP and SBOM for Software Supply... - Yumi Tomita & Atsuya Misaki & Masaki Ishiguro

Future Use of SCAP and SBOM for Software Supply Chain Security - Yumi Tomita & Atsuya Misaki, Cybertrust Japan Co., Ltd. & Masaki Ishiguro, Mitsubishi Research Institute, Inc.

In recent years, supply chain security has been strongly required as a mechanism to objectively and rationally ensure security concerning organizations, systems, products, services, and data with respect to trading partners and other stakeholders. Modern software development has become more complex due to the proliferation of multiple suppliers, vendors, and open source software (OSS), and this has increased both the possibility of vulnerabilities being introduced by suppliers and the risk of attacks that exploit the software supply chain. This is why the software supply chain is becoming more and more complex. Therefore, it is important to understand and manage security risks throughout the software supply chain. The presentation will compare SCAP, which has been used for a long time, with SBOM (Software Bill of Materials), which has been attracting attention in recent years, as methods for supply chain security, explain the features of each, and discuss the possibilities of utilizing these tools in the future.
