OWASP Launches BOM Maturity Model; New Benchmark For SBOM Quality

WASHINGTON, DC, USA, October 31, 2023 /EINPresswire.com/ -- Today at AppSec Global in Washington DC, the OWASP Foundation launched the much anticipated BOM Maturity Model. The model provides a formalized structure in which bills of materials can be evaluated for a wide range of capabilities.

With increased requirements for software transparency, organizations face increasingly complex demands for evaluating SBOM quality. The OWASP BOM Maturity Model empowers organizations to:

1) Ensure Compliance: The model can be used to rigorously assess incoming BOMs to ensure strict adherence to organizational policies, accommodating the diverse data requirements of stakeholders.

2) Optimize Workflow: Streamline BOM generation and consumption, saving valuable time and resources while reducing the risk of errors and inefficiencies.

3) Future-Proof BOMs: OWASP provides a model for comparing current and future BOM formats, facilitating seamless alignment with evolving industry requirements.

In addition to the taxonomy of BOM capabilities, the BOM Maturity Model supports profiles, which group multiple items from the taxonomy together with a weighted importance for each item and other metadata, so that a profile can express which data a given stakeholder needs from a BOM and how much each piece matters.
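To make the profile idea concrete, the following is an added example (not OWASP's code, and not the model's actual item identifiers, profile format or weights, all of which are assumptions here): a hypothetical "consumer" profile of weighted checks is evaluated against a constructed CycloneDX JSON SBOM, and a weighted score plus the list of unsatisfied items is returned. Per-component items are scored as the fraction of components that satisfy them, so a BOM where only half the components carry hashes earns half the weight for that item.

```python
"""Evaluate a CycloneDX SBOM against a hypothetical BOM Maturity Model profile.

Added example, not OWASP's code. The profile item identifiers, their weights
and the scoring rule are assumptions for illustration only.
"""
import json
from dataclasses import dataclass
from typing import Callable

# Constructed sample CycloneDX-style SBOM (JSON); not a real project's BOM.
# The SHA-256 value is a placeholder digest, not a real hash.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
    "version": 1,
    "metadata": {
        "timestamp": "2023-10-31T12:00:00Z",
        "tools": [{"name": "example-generator", "version": "1.0.0"}],
        "component": {"type": "application", "name": "acme-app", "version": "2.3.1"},
    },
    "components": [
        {"type": "library", "name": "log4j-core", "version": "2.17.1",
         "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1",
         "hashes": [{"alg": "SHA-256", "content": "a" * 64}],
         "licenses": [{"license": {"id": "Apache-2.0"}}]},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
    ],
    "dependencies": [
        {"ref": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1", "dependsOn": []},
    ],
})


@dataclass(frozen=True)
class ProfileItem:
    """One entry of a hypothetical profile: a model item, its weight, and how it is measured.

    `check` returns a value in [0, 1]: 1.0 when fully satisfied, or a fraction
    for per-component items (e.g. 3 of 4 components carry a purl -> 0.75).
    """
    item: str
    weight: float
    check: Callable[[dict], float]


def _ratio(components: list, predicate: Callable[[dict], bool]) -> float:
    """Fraction of components satisfying predicate; 0.0 for a BOM with no components."""
    if not components:
        return 0.0
    return sum(1 for c in components if predicate(c)) / len(components)


def _has_hash(c: dict) -> bool:
    """True if the component carries at least one hash with both algorithm and value."""
    return any(h.get("alg") and h.get("content") for h in c.get("hashes", []))


# Hypothetical consumer-oriented profile. Item names and weights are assumptions.
CONSUMER_PROFILE = [
    ProfileItem("metadata.timestamp", 1.0,
                lambda b: float("timestamp" in b.get("metadata", {}))),
    ProfileItem("metadata.tools", 1.0,
                lambda b: float(bool(b.get("metadata", {}).get("tools")))),
    ProfileItem("metadata.primary-component", 2.0,
                lambda b: float("component" in b.get("metadata", {}))),
    ProfileItem("component.name+version", 3.0,
                lambda b: _ratio(b.get("components", []),
                                 lambda c: bool(c.get("name") and c.get("version")))),
    ProfileItem("component.purl", 3.0,
                lambda b: _ratio(b.get("components", []), lambda c: bool(c.get("purl")))),
    ProfileItem("component.hash", 2.0,
                lambda b: _ratio(b.get("components", []), _has_hash)),
    ProfileItem("component.license", 1.0,
                lambda b: _ratio(b.get("components", []), lambda c: bool(c.get("licenses")))),
    ProfileItem("dependency-graph", 2.0,
                lambda b: float(bool(b.get("dependencies")))),
]


def evaluate(sbom_json: str, profile: list) -> dict:
    """Score an SBOM against a profile.

    Returns the weighted score in [0, 1], each item's ratio, and the items
    that are not fully satisfied (the BOM producer's improvement backlog).
    """
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported BOM format: %r" % bom.get("bomFormat"))
    results = {p.item: p.check(bom) for p in profile}
    total_weight = sum(p.weight for p in profile)
    score = sum(p.weight * results[p.item] for p in profile) / total_weight
    gaps = [p.item for p in profile if results[p.item] < 1.0]
    return {"score": round(score, 3), "items": results, "gaps": gaps}


if __name__ == "__main__":
    report = evaluate(SAMPLE_SBOM_JSON, CONSUMER_PROFILE)
    print("weighted score: %.3f" % report["score"])
    for item, ratio in report["items"].items():
        print("  %-28s %.2f" % (item, ratio))
    print("gaps:", ", ".join(report["gaps"]))
```

A different stakeholder, say a legal or licensing team, would use a profile with the same machinery but different items and weights (license data weighted heavily, dependency graph lightly), which is exactly what grouping weighted items into named profiles is meant to allow.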

"SBOM quality is a critical measurement for successful SBOM adoption. With the OWASP BOM Maturity Model, organizations can create their own profiles that align to the various stakeholder roles in their organization," said Steve Springett, Chair of the OWASP CycloneDX Bill of Materials Standard and co-author of the OWASP Software Component Verification Standard (SCVS). "With the release of the BOM Maturity Model, we envision the emergence of a new breed of tools designed to educate and help organizations mature their use of SBOMs and optimize their investment in software and system transparency."

The BOM Maturity Model is a subproject of the OWASP Software Component Verification Standard (SCVS), designed for organizations to evaluate and improve their software supply chain assurance. The model plays a crucial role in supporting the five dimensions of SBOM quality as outlined in the CycloneDX Authoritative Guide to SBOM.

To learn more and get started, visit https://scvs.owasp.org/.

About the OWASP Foundation

The Open Worldwide Application Security Project (OWASP) is a nonprofit organization that works to improve the security of software. Through community-led open source software projects, over 260 local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web. For nearly two decades corporations, foundations, developers, and volunteers have supported the OWASP Foundation and its work. To learn more or to become a member, visit https://owasp.org/.

OWASP and the Open Web Application Security Project are trademarks of the OWASP Foundation.

Steve Springett
OWASP Foundation
+1 773-998-2050