SBOMs are a solution intended to help solve a couple of problems: 1) help identify and remediate s...

Khaine • today at 5:55 AM • 2 replies • view on HN

SBOMs are a solution intended to help solve a couple of problems:

1) help identify and remediate software that has been built with vulnerable packages (think log4j).

2) help protect against supply chain compromise as the SBOM contains hashes that allow packages to be verified

pacificpendant • today at 9:28 AM

Depending on who you ask an SBOM might not need a hash. NTIA only recommend a hash.

ozim • today at 7:37 AM

You forgot about the important one SBOMs are created with thought about sharing them with third parties like your customers - lock files not.

➕ show 1 reply

alt Hacker News