Architecture & Design
SBOM
A Software Bill of Materials (SBOM) is a formal, machine-readable inventory of all components, libraries, and dependencies included in a software product, analogous to an ingredient list for food. SBOMs enable organizations to quickly identify which products are affected when a new vulnerability (like Log4Shell) is disclosed. They are required by US Executive Order 14028 for software sold to the federal government. Common SBOM formats include SPDX and CycloneDX.
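An added illustration (not part of this entry) of the lookup described above: a small checker that reads a constructed CycloneDX JSON SBOM, walks its nested (transitive) components, and flags any whose purl version is older than the fixed version in a constructed advisory table. The SBOM content, advisory identifier and version range are assumptions made for the example; real tooling should use ecosystem-specific version semantics rather than the simple numeric comparison used here.

```python
import json
from typing import Iterator

# Constructed CycloneDX 1.4 JSON SBOM for illustration (not a real product's SBOM).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "metadata": {"component": {"type": "application", "name": "billing-service", "version": "3.2.0"}},
  "components": [
    {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.14.1",
     "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1"},
    {"type": "library", "group": "com.fasterxml.jackson.core", "name": "jackson-databind", "version": "2.13.0",
     "purl": "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.13.0",
     "components": [
       {"type": "library", "group": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.17.1",
        "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1"}
     ]}
  ]
}
"""

# Constructed advisory table (illustrative id and fixed version): purl without version -> (id, first fixed version).
ADVISORIES = {
    "pkg:maven/org.apache.logging.log4j/log4j-core": ("EXAMPLE-ADV-0001", "2.15.0"),
}

def parse_version(v: str) -> tuple:
    """Dotted numeric versions only (e.g. '2.14.1' -> (2, 14, 1)); a simplification for the example."""
    return tuple(int(p) for p in v.split("."))

def walk_components(components: list) -> Iterator[dict]:
    """Yield every component, descending into nested components so transitive dependencies are covered."""
    for comp in components:
        yield comp
        yield from walk_components(comp.get("components", []))

def find_affected(sbom: dict, advisories: dict) -> list:
    """Return (advisory id, purl) for each component older than the advisory's fixed version."""
    hits = []
    for comp in walk_components(sbom.get("components", [])):
        base, _, version = comp.get("purl", "").partition("@")
        if base in advisories and version:
            adv_id, fixed = advisories[base]
            if parse_version(version) < parse_version(fixed):
                hits.append((adv_id, comp["purl"]))
    return hits

def affected_in(sbom_json: str, advisories: dict = ADVISORIES) -> list:
    return find_affected(json.loads(sbom_json), advisories)

if __name__ == "__main__":
    for adv_id, purl in affected_in(SBOM_JSON):
        print(f"{adv_id}: {purl}")  # flags log4j-core@2.14.1 only; the nested 2.17.1 copy is past the fix
```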
Why it matters for your website
1. Foundational principle in modern security — harder to retrofit than to build in from the start
2. Reduces breach impact by limiting what attackers can access if they get in
3. Required control in ISO 27001, NIST CSF, and most compliance frameworks