The IIoTSBOM project aims to support companies and professionals in the following ways :
- Getting you started …
- Overall support the development of SBOMs with end users, technology developers and integrators
- Access to experts and expertise
- Organize awareness – webinars, information sessions, documentation, use cases and pre-formatted examples
- Supporting the steps to be taken, for different target audiences
- SBOM advantages – Business Case, analogy with other Bill of Materials – differences
- Composition and maintenance of SBOMs, reference-architectures
- Collaboration – shared responsibility models in cooperation with customers – suppliers, how to share and distribute information
- Contract management – procurement examples, legal implications and ethical considerations
- SBOM management – technology for process automation, security and risk management
- Roles, responsibilities and execution
- VEX – Vulnerability Exchange – data exchange, information exchange, automation
- Where and how to gather information and documentation, developing structured questionnaires, integration in purchasing process
- Examples and demonstrators of Generating machine & human readable documents
- Stimulating distribution and sharing of SBOMs
- Signing and vetting procedures and mechanism for signing and vetting
- How to consume SBOMs – customer integrations – developing Proof of Concepts
- Aligning SBOM with technical standards, sector expectations (National Authorities), legislation and regulations, policy making under development : ISO27k, IIoT certificatie, WIB, …
- Choosing the right formats – mechanisms for the development of SBOMs, available tools and technology – potential alternative models (reference integrity manifest, shared responsibility
- seeing the bigger picture – supply chain security – Third Party Risk, Vendor Risk