NTT Technocross will begin consulting in late April to support the implementation and operation of SBOM (a list that shows what kind of parts (modules, libraries, etc.) software is made up of) for vulnerability management.
In addition to researching and selecting SBOM creation tools, we also provide support and agency for creating SBOMs from source code and binary code. In addition, we will visualize the SBOM and build an environment to manage configuration information and vulnerabilities, as well as provide operational support for identifying the scope of impact of detected vulnerabilities and considering countermeasures.
In recent years, there has been an increase in software supply chain attacks that target vulnerabilities in OSS used in software. In the United States, a presidential order to strengthen cybersecurity has added provisions requiring the creation of SBOM and vulnerability countermeasures, and in Japan, the Ministry of Economy, Trade and Industry has announced guidelines, and the introduction of SBOM is seen as a measure to strengthen security measures. There is.