IIoTSBOM is an initiative from LSEC, Flanders Make and KU Leuven COSIC from Belgium to improve cybersecurity for devices. Inspired and with the support of the US CISA (CyberSecurity and Infrastructure Security Agency), we aim to support companies to innovate with methods, processes and technologies and be better prepared for future challenges.

we offer support and advisory free of charge - we aim to help to innovate

Get Inspired on CyberSecurity

CyberSecurity is a complex world of interconnected systems with vulnerabilities and adversaries trying to exploit them

Read More

Supply Chain CyberSecurity

How do you get your next device, machine and other equipments you plan to purchase CyberSecured?

Read More

Device CyberSecurity

How do you get your next product or service development CyberSecured so end-users can partner up providing a secure operation.

Read More

SBOM – boosting software supply chain security

In an article by Reversinglabs, John P. Mello puts SBOMs rightfully in the scope for supply chain security with some caveats. “Like the OWASP Top 10 is to general application security, the SBOM is a starting point for operationalizing software supply chain security. “Generating an SBOM is a great first step,” said ReversingLabs software assurance…

SBOMs with IIoTSBOM 2023 in review

If you missed it, you can still participate in the afterlife of the recordings of our annual IIoTSBOM gathering. From developing an SBOM with Github, to the perspectives of use of SBOMs with insights from Github up to the relevance of SBOMs within the context of the Cyber Resilience Act. We’ll introduce some background and…

SCA – Software Composition Analysis for SBOM

During this webinar one of the global application security experts Steven Wierickx from OWASP and Toreon guided us through the concepts and methodologies for Software Composition Analysis – a method used in different toolsets, that analyse software for its ingredients and support developers and security engineers in detecting potential errors, leakages and vulnerabilities. Many of…

Cap Gemini 2021 Report on SBOMs

The Dutch CyberSecurity Center (NCSC) commissioned CapGemini Invent in 2020 to explore the state of the current landscape, the potential purposes, and uses of SBoM in a cybersecurity context. The research report from February 2021 describes the potential for software production, choosing and procurement, operating of software, and for SecDevOps. The general findings are: 1.           …

IIoTSBOM Annual

On November 10th, the IIoTSBOM team held its annual F2F event at the Beacon in Antwerp, with participation of several product manufacturing companies and SBOM technology providers such as TrustSource, Irdeto, Asvin and Fortress Information Security. For more information, documentation and video recordings, visit the event pages.

ENISA Publishes Guidelines on Securing IoT Supply Chain

The European Union Agency for CyberSecurity (ENISA) released its Guidelines for Securing the IoT – Secure Supply Chain for IoT in November 2020. SBOMs are part of the guidelines for both the processes PRO-05 “Identifying Third-Party Software” and PRO-13 “Provide Software Bill Of Materials (SBOMs) for IoT Devices” ENISA publication: https://www.enisa.europa.eu/news/enisa-news/iot-security-enisa-publishes-guidelines-on-securing-the-iot-supply-chain Document page: https://www.enisa.europa.eu/publications/guidelines-for-securing-the-internet-of-things

NIST releases SSDF Secure Development

The NIST SSDF (SP 800-218) serves as the focal point for capturing and operationalizing U.S. government software security expectations. In February, SP 800-218 replaced the original 2020 NIST cybersecurity white paper, formalizing the SSDF as the government’s seminal software security organizing construct.  The document describes a set of foundational practices for secure software development and…

Using SBOMs in DevOps

“… reusable components and open source software have simplified software development, this simplicity has exposed a critical visibility gap … This ties directly into the continuous integration and continuous deployment (CI/CD) process. DevOps SBOM 101”

Gartner on SBOM

Feb 14, 2022. Software bills of materials improve the visibility, transparency, security and integrity of proprietary and open-source code in software supply chains. To realize these benefits, software engineering leaders should integrate SBOMs throughout the software delivery life cycle. Gartner’s Innovation Insights for SBOMs.