Statements of Support on A Shared Vision of SBOM for Cybersecurity
A coordinated, global approach to Software Bill of Materials (SBOM) will reduce complexity, improve effectiveness, and support secure-by-design software development. A Shared Vision of SBOM for Cybersecurity reflects and reinforces the importance of international cooperation that produces outcomes that reduce risk and strengthen trust. Below, find leadership statements from co-authoring organizations.
“Trust, transparency, and resilience are essential pillars of cybersecurity in today’s interconnected digital landscape. Adopting SBOM across digital systems, platforms and supply chains empowers organisations and stakeholders to identify vulnerabilities, manage risks and build resilience while strengthening the security of our digital ecosystem.”
Dr. Sanjay Bahl, Director General, Indian Computer Emergency Response Team (CERT-In)
“We are pleased to see that the importance of SBOM is being internationally recognized through this guideline. Last year, Japan released SBOM Guidance 2.0, and we will continue to raise awareness of SBOM among relevant stakeholders while actively contributing to international discussions on the topic.”
Mr. Nobutaka TAKEO, Director, Cybersecurity Division, Commerce and Information Policy Bureau, Ministry of Economy, Trade and Industry (METI), Japan
“KISA extends its sincere congratulations on the publication of the joint document under the leadership of CISA. This milestone is expected to strengthen transparency in the global digital product and service supply chain, raise security awareness, and accelerate practical adoption of supply chain security frameworks. KISA will contribute by strengthening Korea’s framework and sharing best practices with the global community.”
Mr. Lee Sang Jung, President of the Korea Internet & Security Agency (KISA). Korea Internet & Security Agency (KISA) is an agency under the Ministry of Science and ICT of the Republic of Korea.
“The recent hacking using the software supply chains has highlighted the importance of supply chain security. In this context, we at NCSC find it meaningful to participate in 'A Shared Vision of SBOM for Cybersecurity' and join the global movement to strengthen supply chain security policies.”
Chief of NCSC, Republic of KOREA
“New Zealand has a great reputation for technology innovation and as innovators and users of offshore software vendors we want to ensure security is built into products at the point of origin, not as an optional add-on. Having a software bill of materials incorporated in the released product gives system operators and users assurance that security is an integral component in the product’s supply chain. Products should be securely designed, and customers should have clarity in what they’re purchasing.”
Grace Campbell Macdonald, New Zealand’s National Cyber Security Centre’s Director of Regulatory and Advisory
“Today’s software is becoming increasingly complex and often consists of hundreds of components originating from various sources and libraries. SBOM brings essential transparency into this complex environment and clearly shows what the software is made of. I regard SBOM as a key step toward creating truly secure and resilient software – already from its design. At the same time, this approach contributes to building an environment in which citizens and institutions can rely with greater confidence on the technologies that power modern software.”
Lukáš Kintr, NÚKIB’s Director
“Improving traceability and knowledge about where software components come from is key to improving products and supply chain security. This guidance provides an insightful vision on the value of SBOM to strengthen software transparency and enhance risk management practices.”
Vincent Strubel, Director General of the French Cybersecurity Agency (ANSSI)
“Supply chain security is a fundamental element for the protection and resilience of digital infrastructure. The adoption of a shared vision on Software Bill of Materials (SBOM) is a significant achievement to which ACN has contributed alongside international partners. Cooperation on SBOM aims to reduce cyber risk by increasing software transparency and cybersecurity.”
Bruno Frattasi, Director General of the Italian National Cybersecurity Agency
“As software supply chains become more complex, the need for transparency has never been greater. Software bills of materials give organizations the insight to identify risks and take action to mitigate them. This joint vision reflects our common commitment to advancing SBOM as a practical tool for building resilience and trust in the digital technologies that power our world.”
Rajiv Gupta, Head of the Canadian Centre for Cyber Security