What is a Software Bill of Materials (SBOM) and why is it so important?

How secure is your software? With a software bill of materials (SBOM), companies can keep track of the components used and detect security vulnerabilities at an early stage. Read our article to find out why SBOMs are indispensable for IT security and how NoSpamProxy version 15.2 strengthens transparency and trust.

Every time serious security vulnerabilities in software components such as OpenSSL or Log4J become known, the IT world cringes. Hardly any customer knows whether the affected component, let alone the exact version, is used in the software they are using. The fear of such gaps is quite justified, as attacks on the software supply chain have increased. In such cases, a parts list that documents the components used can provide a remedy, which is exatly what a ‘software bill of materials’, or SBOM for short, is. It provides a detailed list of the software components used in a device, software or service.

Detect security vulnerabilities with the software supply chain

SBOMs not only provide the name and the version of a component used, but also information about the licences for these components and thus support the comparison of actual use with the licence specifications of the creator. Thanks to an SBOM, companies are able to discover and evaluate potential security vulnerabilities themselves and, above all, as automatically as possible and take targeted protective measures.

NoSpamProxy provides SBOM

With version 15.2, NoSpamProxy is delivering an SBOM for the first time, thereby fulfilling an important criterion of the Cyber Resiliance Act (CRA) prepared by the European Commission. This obliges manufacturers to provide SBOMs if the product contains digital elements and is distributed in the EU.

Our aim is to maintain our customers’ trust in NoSpamProxy at a high level and to build on this even further. The provision of the SBOM emphasises these efforts.