The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has released guidance to inform organisations who procure, produce or operate software about the advantages of integrating a Software Bill of Materials (SBOM).
The guidance was authored in collaboration with international partners, including the U.S. Cybersecurity and Infrastructure Security Agency and New Zealand’s National Cyber Security Centre.
An SBOM is a formal record of the details and supply chain relationships of various components used in building software, which the ACSC claimed helps to address challenges in securing software because it provides visibility of the components of software.
The ACSC said that "widespread adoption of SBOM will strengthen security, reduce risk, and decrease costs".
"Identifying and responding to vulnerabilities is a key step in the development of secure software and limiting risks throughout the software lifecycle. Using an SBOM means organisations can respond to vulnerabilities quicker and more efficiently with tailored mitigations to address specific risks.
"With SBOM data, software producers and operators can map the software’s dependencies to relevant lists of existing vulnerabilities and track new vulnerabilities that may arise."
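The dependency-to-vulnerability mapping the ACSC describes, as an added example that is not part of the guidance or the article: a constructed CycloneDX-style SBOM is matched against a constructed vulnerability list whose entries carry placeholder identifiers and "introduced/fixed" version ranges.

```python
import json

# Constructed minimal CycloneDX-style SBOM (sample data, not any real product's SBOM).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "libexample", "version": "2.3.1", "purl": "pkg:generic/libexample@2.3.1"},
    {"type": "library", "name": "parsekit",   "version": "1.0.9", "purl": "pkg:generic/parsekit@1.0.9"},
    {"type": "library", "name": "netutil",    "version": "4.1.0", "purl": "pkg:generic/netutil@4.1.0"}
  ]
}
"""

# Constructed vulnerability list with placeholder identifiers. Each entry names the
# affected package and the version range containing the flaw: [introduced, fixed).
# A "fixed" of None means no fixed release is known yet.
VULN_LIST = [
    {"id": "VULN-EXAMPLE-0001", "package": "libexample", "introduced": "2.0.0", "fixed": "2.3.2"},
    {"id": "VULN-EXAMPLE-0002", "package": "parsekit",   "introduced": "1.1.0", "fixed": "1.2.0"},
    {"id": "VULN-EXAMPLE-0003", "package": "netutil",    "introduced": "0.0.0", "fixed": "4.0.0"},
]

def parse_version(v):
    """Turn a dotted numeric version string into a tuple of ints for ordered comparison."""
    return tuple(int(part) for part in v.split("."))

def is_affected(version, introduced, fixed):
    """True when introduced <= version < fixed; an open range (fixed=None) has no upper bound."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)

def match_sbom(sbom_json, vulns):
    """Map each SBOM component to the vulnerability entries whose range covers its version."""
    sbom = json.loads(sbom_json)
    findings = []
    for comp in sbom.get("components", []):
        for vuln in vulns:
            if comp["name"] == vuln["package"] and is_affected(comp["version"], vuln["introduced"], vuln["fixed"]):
                findings.append((comp["purl"], vuln["id"]))
    return findings

if __name__ == "__main__":
    # Only libexample 2.3.1 falls inside a listed range; the other two components are clear.
    for purl, vuln_id in match_sbom(SBOM_JSON, VULN_LIST):
        print(f"{purl} is affected by {vuln_id}")
```

Re-running the same match whenever the vulnerability list is refreshed is what lets an operator "track new vulnerabilities that may arise" without re-inventorying the software.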
An SBOM also documents information about software dependencies, which is claimed to enable greater visibility across an organisation’s software supply chain and enterprise system.
The ACSC said this allows organisations to improve their risk management practices, particularly vulnerability management and supply chain management, as well as their software development processes, and supports an organisation's license management.
In the techpartner.news 2023 State of Security report, Manjunath Bhat, VP analyst in Gartner's DevOps and software engineering team, said multiple factors are driving the need for SBOMs.
"Increased use of third-party dependencies and open-source software, increased incidence of software supply chain attacks and regulatory compliance mandates … all point to the need for visibility and transparency into the components used to build software," Bhat said.
"Enterprises should also look at runtime/dynamic SBOMs because they provide visibility to component usage when the system is running, including dynamically loaded components and external API calls."