DBOM Supply Chain Security

Attestation Sharing: Simplified

The diversity of the supply chain is a double-edged sword: The flexibility that makes supply chain critical to modern operations also makes it critical to have a trustworthy and secure network for companies to share and receive bill of materials and attestations regarding the composition and the origin of the content of their products.

The Digital Bill of Materials (DBoM) enables companies to easily establish a secure network for sharing software, hardware and manufacturing bill of materials. Organizations will be able to automate attestation sharing and validation for stablishing trust and transparency while reducing the cost of operation.

Challenges with adopting Software Bills of Materials

Sharing

Sharing SBOM data across organizational boundaries in a manageable manner is difficult.

Automation

SBOMs must be updated and published constantly with every software change to ensure best value.

Interoperability

SBOMs have a variety of formats. The transport must support conversion on-the-fly for seamless integration.

Policy Control

SBOMs have the potential to expose organizational intellectual property; hence, policy-controlled distribution is essential.

Products with many components rely on complex supply chains in which the manufacturer of each component is responsible to follow stringent QA processes. There are currently no effective frameworks for sharing this data in a uniform, secure and permissioned manner. DBOM provides a network by which the manufacturers and their suppliers can have a common mechanism to share, access and aggregate their data in order to perform root-cause analysis of defects and subsequently develop corrective actions.

Real-time sharing of threat intelligence in the supply chain is a critical requirement in today’s threat landscape, especially with the recent covert attacks on software supply chains like Solarwinds and Colonial Pipeline. DBoM can transport STIX and other related IoC metadata right to the organizations that need them.

OEMs and other participants in industries like critical infrastructure are required to have certifications to demonstrate compliance and traceability for many years of service. DBoM enables organizations to streamline certification-related data sharing with regulatory agencies in an organized and uniform manner in order to reduce operational cost, disputes and liabilities.

DBoM enables organizations to bring uniformity and automation in the way of organizing and sharing product related data, internally between business units or externally with their customers. This enables organizations to develop end-to-end provenance for their product metadata, all the way from development to deployment.

How it works

Set up an account on the DBoM SaaS using the sign-up button

Use the quick start to set up your own DBoM node

Create and define policies on your channels or subscribe to channels from your partners

Easily integrate DBoM with your process and CI using the SDK and marketplace applications

Ongoing POCS

Is DBOM SaaS right for your organization? Let Unisys develop a Proof of Concept to find out. Join these organizations and try DBOM -- See the future of supply chain integrity and experience the “Internet of Attestations”.