DBOM Supply Chain Security

Attestation Sharing: Simplified

The diversity of the supply chain is a double-edged sword: the flexibility that makes the supply chain critical to modern operations also makes it critical to have a trustworthy and secure network for companies to share and receive bills of materials and attestations regarding the composition and origin of the content of their products.

The Digital Bill of Materials (DBoM) enables companies to easily establish a secure network for sharing software, hardware and manufacturing bills of materials. Organizations will be able to automate attestation sharing and validation for establishing trust and transparency while reducing the cost of operation.

Challenges with adopting Software Bills of Materials


Sharing SBOM data across organizational boundaries in a manageable manner is difficult.


SBOMs must be updated and published constantly with every software change to ensure best value.


SBOMs have a variety of formats. The transport must support conversion on-the-fly for seamless integration.

Policy Control

SBOMs have the potential to expose organizational intellectual property; hence, policy-controlled distribution is essential.

What you get with DBoM

Use the datastore that best matches your requirements, with support for everything from traditional databases like MongoDB to transparency logs like Trillian, or public/private Distributed Ledger Technologies (DLT) such as IOTA and Hyperledger-Fabric.

Create individual broadcast, public, and private channels seamlessly with your partners, suppliers and customers, each based on its own agreed policies, for sharing attestations or any type of bill of materials. These include hardware (HBOM), software (SBOM) or manufacturing (MBOM).

Leverage the connectors and services in the DBOM SaaS marketplace. Or, build your own with our easy-to-use REST APIs and SDKs.

More than just for sharing bills of materials

Products with many components rely on complex supply chains in which the manufacturer of each component is responsible for following stringent QA processes. There are currently no effective frameworks for sharing this data in a uniform, secure and permissioned manner. DBOM provides a network by which manufacturers and their suppliers can have a common mechanism to share, access and aggregate their data in order to perform root-cause analysis of defects and subsequently develop corrective actions.

Real-time sharing of threat intelligence in the supply chain is a critical requirement in today’s threat landscape, especially with the recent covert attacks on software supply chains like SolarWinds and Colonial Pipeline. DBoM can transport STIX and other related IoC metadata right to the organizations that need them.

OEMs and other participants in industries like critical infrastructure are required to have certifications to demonstrate compliance and traceability for many years of service. DBoM enables organizations to streamline certification-related data sharing with regulatory agencies in an organized and uniform manner in order to reduce operational cost, disputes and liabilities.

DBoM enables organizations to bring uniformity and automation to the way they organize and share product-related data, internally between business units or externally with their customers. This enables organizations to develop end-to-end provenance for their product metadata, all the way from development to deployment.

How it works


Set up an account on the DBoM SaaS using the sign-up button


Use the quick start to set up your own DBoM node


Create and define policies on your channels or subscribe to channels from your partners


Easily integrate DBoM with your process and CI using the SDK and marketplace applications

Ongoing POCs

Is DBOM SaaS right for your organization? Let Unisys develop a Proof of Concept to find out. Join these organizations and try DBOM -- See the future of supply chain integrity and experience the “Internet of Attestations”.