National Cyber Warfare Foundation (NCWF)

What is the xBOM?


2025-04-26 11:12:41
milo
Blue Team (CND)

The software supply chain has never been more complex — or more critical to secure. For years, the Software Bill of Materials (SBOM) has been the go-to tool for documenting the components within a piece of software, offering much-needed visibility into what’s under the hood. It is called out by Executive Order 14028, as well as by the EU Digital Operational Resilience Act (DORA) and the EU Cyber Resilience Act (CRA). But as software systems grow to include machine learning models, cloud services, cryptographic components, hardware dependencies, and low-code platforms, the traditional SBOM simply isn’t enough.


The SBOM is fully supported by the OWASP Foundation’s CycloneDX, an industry-recognized standard for machine-readable SBOMs. In 2023, CycloneDX introduced the Extended Bill of Materials (xBOM) to describe the full-stack bill of materials, adding 11 other bills of materials (BOMs) for areas that span software as a service, cryptography, hardware, manufacturing and other technology ecosystems. The current version, CycloneDX v1.6, has been ratified as an Ecma International standard (ECMA-424), providing a global xBOM specification for use across multiple domains.
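To make the "full-stack" idea concrete, here is an added example (not code from the original post, from CycloneDX, or from ReversingLabs) that loads a small hand-constructed CycloneDX 1.6 xBOM mixing a software library, a machine-learning model, cryptographic assets, a hardware device and a SaaS service, then runs three checks a practitioner would want before trusting the document: an inventory by component type, detection of dangling dependency references, and a simple weak-algorithm policy over the cryptographic assets. Field names follow the CycloneDX 1.6 JSON schema (bomFormat, specVersion, components[].type, cryptoProperties, services[], dependencies[]) as understood by the author of this example; the sample document, its bom-refs, and the weak-algorithm list are assumptions for illustration, not part of the specification.

```python
"""Parse a CycloneDX 1.6 xBOM and run sanity checks over it.

Added example; the document below is constructed by hand and is not a real
BOM. The deliberately dangling "missing-ref" shows what the dependency check
catches. WEAK_ALGORITHMS is an illustrative policy, not CycloneDX guidance.
"""
import json
from collections import Counter

# Constructed sample xBOM: one document covering several CycloneDX component types.
SAMPLE_XBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79",
    "version": 1,
    "metadata": {"component": {"type": "application", "bom-ref": "app",
                               "name": "fraud-scorer", "version": "2.3.0"}},
    "components": [
        {"type": "library", "bom-ref": "lib-requests", "name": "requests",
         "version": "2.31.0", "purl": "pkg:pypi/requests@2.31.0"},
        {"type": "machine-learning-model", "bom-ref": "model-scorer",
         "name": "fraud-scorer-gbm", "version": "7"},
        {"type": "cryptographic-asset", "bom-ref": "crypto-rsa", "name": "RSA-2048",
         "cryptoProperties": {"assetType": "algorithm",
                              "algorithmProperties": {"primitive": "pke",
                                                      "parameterSetIdentifier": "2048"}}},
        {"type": "cryptographic-asset", "bom-ref": "crypto-md5", "name": "MD5",
         "cryptoProperties": {"assetType": "algorithm",
                              "algorithmProperties": {"primitive": "hash",
                                                      "parameterSetIdentifier": "128"}}},
        {"type": "device", "bom-ref": "hw-hsm", "name": "hsm-module", "version": "1.2"},
    ],
    "services": [{"bom-ref": "svc-scoring-api", "name": "scoring-api",
                  "endpoints": ["https://scoring.example.internal/v1"]}],
    "dependencies": [
        {"ref": "app", "dependsOn": ["lib-requests", "model-scorer", "crypto-rsa", "svc-scoring-api"]},
        {"ref": "model-scorer", "dependsOn": ["crypto-md5", "missing-ref"]},  # missing-ref is intentional
    ],
})

# Illustrative policy (assumption): algorithm names a reviewer would flag on sight.
WEAK_ALGORITHMS = {"MD5", "SHA-1", "SHA1", "DES", "RC4"}


def load_bom(text: str) -> dict:
    """Parse JSON and reject anything that does not declare itself a CycloneDX BOM."""
    bom = json.loads(text)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    if not str(bom.get("specVersion", "")).startswith("1."):
        raise ValueError(f"unsupported specVersion {bom.get('specVersion')!r}")
    return bom


def inventory_by_type(bom: dict) -> dict:
    """Count components per CycloneDX type; SaaS entries live under 'services'."""
    counts = Counter(c.get("type", "unknown") for c in bom.get("components", []))
    counts["service"] += len(bom.get("services", []))
    return dict(counts)


def known_refs(bom: dict) -> set:
    """Every bom-ref that a dependency entry may legitimately point at."""
    refs = {c["bom-ref"] for c in bom.get("components", []) if "bom-ref" in c}
    refs |= {s["bom-ref"] for s in bom.get("services", []) if "bom-ref" in s}
    root = bom.get("metadata", {}).get("component", {})
    if "bom-ref" in root:
        refs.add(root["bom-ref"])
    return refs


def dangling_dependencies(bom: dict) -> list:
    """(ref, target) pairs in the dependency graph whose target is not declared anywhere."""
    refs = known_refs(bom)
    return [(d["ref"], t) for d in bom.get("dependencies", [])
            for t in d.get("dependsOn", []) if t not in refs]


def find_weak_crypto(bom: dict) -> list:
    """Names of cryptographic-asset algorithms that match the illustrative weak list."""
    return sorted(c["name"] for c in bom.get("components", [])
                  if c.get("type") == "cryptographic-asset"
                  and c.get("cryptoProperties", {}).get("assetType") == "algorithm"
                  and c["name"].upper() in WEAK_ALGORITHMS)


if __name__ == "__main__":
    bom = load_bom(SAMPLE_XBOM)
    print("inventory:", inventory_by_type(bom))
    print("dangling:", dangling_dependencies(bom))
    print("weak crypto:", find_weak_crypto(bom))
```

The dependency check is the one most worth keeping: a BOM whose graph points at refs that are never declared cannot be trusted to answer "which of my deployed artifacts contain this component", which is the question an SBOM or xBOM exists to answer.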


Here’s what you need to know about the SBOM’s purpose, what the xBOM entails — and how RL Spectra Assure now provides what the vendor describes as the most comprehensive support for the xBOM.


The post What is the xBOM? appeared first on Security Boulevard.



Carolynn van Arsdale

Source: Security Boulevard
Source Link: https://securityboulevard.com/2025/04/what-is-the-xbom/?utm_source=rss&utm_medium=rss&utm_campaign=what-is-the-xbom





Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.