Attestation Sharing: Simplified
The diversity of the supply chain is a double-edged sword: the flexibility that makes the supply chain critical to modern operations also makes it critical to have a trustworthy and secure network through which companies can share and receive bills of materials and attestations about the composition and origin of the content of their products.
The Digital Bill of Materials (DBoM) enables companies to easily establish a secure network for sharing software, hardware and manufacturing bills of materials. Organizations can automate attestation sharing and validation to establish trust and transparency while reducing the cost of operation.
Challenges with adopting Software Bills of Materials
What you get with DBoM
Use the datastore that best matches your requirements, with support for everything from traditional databases like MongoDB to transparency logs like Trillian, or public/private Distributed Ledger Technologies (DLT) such as IOTA and Hyperledger Fabric.
Create individual broadcast, public, and private channels seamlessly with your partners, suppliers and customers, each governed by its own agreed policies, for sharing attestations or any type of bill of materials. These include hardware (HBOM), software (SBOM) and manufacturing (MBOM) bills of materials.
Leverage the connectors and services in the DBOM SaaS marketplace. Or, build your own with our easy-to-use REST APIs and SDKs.
More than just for sharing bills of materials
Products with many components rely on complex supply chains in which the manufacturer of each component is responsible for following stringent QA processes. There are currently no effective frameworks for sharing this data in a uniform, secure and permissioned manner. DBoM provides a network through which manufacturers and their suppliers have a common mechanism to share, access and aggregate their data in order to perform root-cause analysis of defects and subsequently develop corrective actions.
Real-time sharing of threat intelligence in the supply chain is a critical requirement in today's threat landscape, especially after the recent covert attacks on software supply chains like SolarWinds and Colonial Pipeline. DBoM can transport STIX and other related IoC metadata right to the organizations that need them.
OEMs and other participants in industries like critical infrastructure are required to have certifications to demonstrate compliance and traceability for many years of service. DBoM enables organizations to streamline certification-related data sharing with regulatory agencies in an organized and uniform manner in order to reduce operational cost, disputes and liabilities.
DBoM enables organizations to bring uniformity and automation to how they organize and share product-related data, internally between business units or externally with their customers. This lets organizations build end-to-end provenance for their product metadata, all the way from development to deployment.