
Navigating new regulations and the role of SBOMs in software security


The third installment of our recent webinar series with Amazon Web Services (AWS) and Fortify by OpenText™, "The Power of SBOMs: Regulations Looming," brought the panel together to discuss the evolving role of software bills of materials (SBOMs) amid tightening global regulations.

This session also highlighted the implications of emerging regulations and the potential of artificial intelligence (AI) in enhancing transparency and security within software supply chains.

A shifting regulatory landscape

As an overarching topic, the webinar surveyed the global regulatory response to cyber threats and what it means for software security practices:

  • United States: Following the National Cybersecurity Strategy, there is a push for federal agencies to adopt stringent cybersecurity protocols, affecting how software is developed and managed across the public sector.

  • European Union: Initiatives like the Digital Operational Resilience Act (DORA) and the Network and Information Security 2 (NIS2) directive are shaping new standards across the EU, mandating robust cybersecurity practices that will soon be enforced across a range of industries, not just the financial sector.

  • Asia-Pacific: The dialogue included how regions like Australia are leveraging past cybersecurity breaches to bolster national policies, which in turn influences software development practices both domestically and in collaborative international frameworks like the Quad Cybersecurity Partnership.

Panelists offered insights into the challenges organizations face in adapting to these regulations within tight deadlines.

They discussed the strategic adoption of SBOMs as tools not only for compliance but for gaining operational advantages in managing software supply chains more transparently and efficiently.

The expanding role of SBOMs

The webinar panelists elaborated on the traditional and emerging functions of SBOMs in the software supply chain.

Originally designed to list software components for transparency, SBOMs now also serve to demonstrate compliance with global security standards and to manage security vulnerabilities effectively.

The discussion underscored that SBOMs must be dynamic and comprehensive, covering not only direct software components but also the increasingly complex layers introduced by new development methodologies.

Impact of generative AI on development practices

AI's role in software development is expanding, fundamentally altering how code is written, reviewed, and deployed.

The session highlighted how AI helps automate tasks traditionally performed by developers, but it also raised questions about the security and reliability of AI-generated code. Tracking and verifying AI-generated components, the panel stressed, calls for richer SBOMs.

SBOMs in the age of AI

With AI integration, the nature of SBOMs is changing. The discussion emphasized that modern SBOMs must extend beyond listing traditional software components to include AI-generated code. This evolution is crucial for maintaining the integrity of software applications and ensuring that all components, whether human or machine-generated, meet security standards.

Future directions for SBOM utilities

The conversation explored how SBOMs must evolve to accommodate the complexities introduced by AI. This includes advanced features for detecting and documenting AI-generated components and ensuring that these components do not introduce vulnerabilities into the software supply chain.

The discussion also touched on the potential for AI to aid in the generation and management of SBOMs themselves, suggesting a future where AI could enhance the accuracy and efficiency of SBOM processes.

Strategic takeaways and closing thoughts

The webinar concluded with a discussion on the future of SBOMs in a world where software development is increasingly influenced by regulatory changes and technological advancements like AI.

The panelists shared a consensus that while SBOMs are currently focused on compliance, their future utility will expand to provide strategic insights into software composition, security, and supply chain management.

Attendees were encouraged to stay engaged with these evolving topics through upcoming industry events and publications that continue to explore the critical role of SBOMs in securing the software development lifecycle. The dialogue underscored that SBOMs, while technical in nature, play a strategic role in the broader context of global software security and compliance frameworks.

For further details, check out a full recording of this webinar and learn more about how to unlock transparency and security in software development.


Written by Aaron Linskens

Aaron is a technical writer on Sonatype's Marketing team. He works at a crossroads of technical writing, developer advocacy, software development, and open source. He aims to get developers and non-technical collaborators to work well together via experimentation, feedback, and iteration so they can build the right software.