Why the World Needs a Software Bill of Materials Now

Inserting malicious code in open-source libraries is about as easy as reading this text. © wernerwerke

“Sunburst” was the most sophisticated hack the world has ever seen. One of the most urgent lessons learned so far from the attack: we need to enforce global software supply chain management now.¹

The first details on the “Sunburst” attack were released in December 2020: a highly evasive attacker leveraged the supply chain of the U.S.-based software company SolarWinds in…