Experts say the software supply chain is at the heart of critical infrastructure security, and the executive order is a step forward in closing the gaps that leave it exposed.
“You can’t protect what you can’t see. And too many organizations don’t have a full picture of what’s inside their software. Most aren’t even looking,” Brian Fox, chief technology officer at Sonatype, said in a statement. The company develops software to help manage supply chain security.
Software security requires “full visibility to all of the code in an application. An SBOM is the only way to do this,” Fox said.