SBOMS: BOMS for Vulnerability Tracking. Boom or Bust (A13c)
NIAP started an SBOM pilot on 1st March 2024 (Policy 30) for NIAP’s Application Software Protection Profile. The project focuses on using SBOMs for vulnerability analysis and monitoring, rather than on creating them. This presentation will discuss NIAP’s reasons and requirements for SBOMs, as well as some of what NIAP has learned so far from requiring SBOMs from vendors.