Skip to content

Commit

Permalink
Add Current Barriers to Adoption section
Browse files Browse the repository at this point in the history
  • Loading branch information
ran-dall committed Aug 21, 2022
1 parent e85c967 commit 754d1b4
Showing 1 changed file with 8 additions and 0 deletions.
8 changes: 8 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,14 @@ The Federal Government exists at every point of the Software Delivery Lifecycle,
- ![](https://www.nist.gov/sites/default/files/styles/2800_x_2800_limit/public/images/2021/07/09/software-verification-timeline.png)
- [Minimum Standards for Federal Government End Users](https://www.nist.gov/itl/executive-order-improving-nations-cybersecurity/recommended-minimum-standard-vendor-or-developer)

## Current Barriers to Adoption

- Community Adoption
- Every single software supplier must provide a comprehensive, accurate, and up-to-date SBOM for every single software product they offer, commercial or open-source. If a supplier does not provide a complete, accurate, and up-to-date SBOM; then downstream consumers will have a harder time meeting SBOM requirements and identify vulnerabilities in their software.
- Standards Diversion
- There are many different standards for SBOMs, and vendors are free to choose the best one for their use case. This can cause certain interoperability issues between certain formats, depending on the situation.
- SBOM Security
- SBOMs need to be secured from tampering and tampering attacks. This is currently usually done through DevSecOps tooling, performing integration checking and digital signature verification. Currently, there is limited guidance and open-source tooling available to ensure that SBOMs are secure.

##
**Prior Work**
Expand Down

0 comments on commit 754d1b4

Please sign in to comment.