PUBLICATION

A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity

CISA and the National Security Agency (NSA), in collaboration with 19 international cybersecurity organizations, have released joint guidance outlining a shared global vision of Software Bill of Materials (SBOM). This milestone reflects a growing international consensus on the importance of software transparency in securing the digital supply chain.

SBOMs act as a software “ingredients list,” enabling organizations to identify components, assess risks, and take informed action to protect critical systems. As modern software increasingly relies on third-party and open-source components, SBOMs are essential for managing vulnerabilities and supporting secure-by-design development.

This guidance encourages:

  • Widespread SBOM adoption across sectors and borders
  • Harmonized technical implementations to reduce complexity and cost
  • Integration of SBOMs into security workflows for better risk management

Better software transparency leads to better decisions. When used globally, SBOMs illuminate the software supply chain, helping ensure that known risks are addressed early and consistently.

For leadership statements from co-authoring organizations, visit: Statements of Support on A Shared Vision of SBOM for Cybersecurity.