CERT-In Issues Software Bill of Materials Guidelines
What Changed
- Supply Chain Transparency. BEFORE: organizations often consumed third-party software as "black boxes" without knowing the underlying open-source libraries. NOW: entities must maintain standardized, machine-readable SBOMs (using formats like CycloneDX or SPDX) detailing every module, version, and dependency.
- Scope of Components Tracked. BEFORE: inventory and auditing frameworks focused almost exclusively on traditional software applications. NOW: the mandate has expanded to include Hardware (HBOM), Artificial Intelligence (AIBOM), Cryptographic (CBOM), and Quantum (QBOM) components.
- Incident Response. BEFORE: discovering whether a system was vulnerable to a newly announced threat required slow, manual code reviews and vendor confirmations. NOW: automated SBOMs linked to vulnerability databases allow for instant identification and rapid patching of compromised dependencies.
Practice Questions
Q1 (Correct Statement(s))
With reference to the CERT-In Software Bill of Materials (SBOM) guidelines 2025, which of the following statements is/are correct?
1. They mandate essential service providers to maintain a machine-readable inventory of software components to secure the digital supply chain.
2. The guidelines are strictly limited to software and explicitly exclude Artificial Intelligence and cryptographic components.