As organizations increasingly rely on SBOMs to enhance supply chain security, many fail to use them effectively.
Shane Fry, Chief Technology Officer at RunSafe Security, highlighted that many companies treat SBOMs as a “checkbox exercise,” generating them without fully analyzing the risks within their software supply chains. He also pointed out that a large number of organizations create SBOMs but refuse to share them with customers, preventing their proper use in securing critical infrastructure.
Fry emphasized that SBOMs, when properly utilized, offer critical visibility into vulnerabilities and can significantly improve security. However, without comprehensive analysis and action, they lose their potential to mitigate supply chain risks.
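The "analysis and action" step Fry describes is what turns an SBOM from a document into a control: each listed component has to be checked against known advisories, and components that cannot be assessed must be surfaced rather than silently passed. The following is an added example (not code from the article, from RunSafe Security, or from any SBOM tool) that parses a minimal CycloneDX-style JSON SBOM and cross-references it against a small advisory list. The SBOM contents, package names, versions and advisory identifiers are all constructed for illustration and are not real components or CVE records; the advisory schema (introduced/fixed range) is an assumption of this example.

```python
import json

# Constructed CycloneDX-style SBOM; only the fields this example needs are present.
SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "libexample-parser", "version": "2.3.1",
         "purl": "pkg:generic/libexample-parser@2.3.1"},
        {"type": "library", "name": "widgetcore", "version": "1.0.4",
         "purl": "pkg:generic/widgetcore@1.0.4"},
        {"type": "library", "name": "netutils", "version": "0.9.0",
         "purl": "pkg:generic/netutils@0.9.0"},
    ],
})

# Constructed advisory feed (hypothetical identifiers, not real CVEs):
# a component is affected in the range [introduced, fixed); fixed=None means no fix yet.
ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "name": "libexample-parser",
     "introduced": "2.0.0", "fixed": "2.3.2", "severity": "high"},
    {"id": "EXAMPLE-ADV-0002", "name": "widgetcore",
     "introduced": "1.0.0", "fixed": "1.0.4", "severity": "medium"},
    {"id": "EXAMPLE-ADV-0003", "name": "netutils",
     "introduced": "0.0.0", "fixed": None, "severity": "critical"},
]


def parse_version(v):
    """Turn a dotted numeric version into a comparable tuple. Non-numeric
    segments raise, so a malformed version surfaces as an error instead of
    silently comparing as 'not affected'."""
    parts = v.split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {v!r}")
    return tuple(int(p) for p in parts)


def is_affected(version, introduced, fixed):
    """True if version lies in [introduced, fixed); numeric comparison, so
    1.10.0 correctly sorts after 1.9.0 (string comparison would get this wrong)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def load_components(sbom_text):
    """Return (name, version) pairs from a CycloneDX-style JSON document.
    A component with no version is kept with version=None so it can be flagged."""
    doc = json.loads(sbom_text)
    comps = []
    for c in doc.get("components", []):
        name, version = c.get("name"), c.get("version")
        comps.append((name or "<unnamed>", version or None))
    return comps


def analyze_sbom(sbom_text, advisories):
    """Match every component against the advisory list and return findings.
    Unversioned components are reported as 'unassessable' rather than dropped,
    because an unknown state is not the same as a safe one."""
    findings = []
    for name, version in load_components(sbom_text):
        if version is None:
            findings.append({"component": name, "version": None,
                             "advisory": None, "status": "unassessable"})
            continue
        for adv in advisories:
            if adv["name"] == name and is_affected(version, adv["introduced"], adv["fixed"]):
                findings.append({
                    "component": name, "version": version,
                    "advisory": adv["id"], "severity": adv["severity"],
                    "status": "unfixed" if adv["fixed"] is None else "fix-available",
                    "fixed_in": adv["fixed"],
                })
    return findings


if __name__ == "__main__":
    for finding in analyze_sbom(SBOM_JSON, ADVISORIES):
        print(finding)
```

Run against the constructed data, this reports two findings: `libexample-parser` 2.3.1 (fix available in 2.3.2) and `netutils` 0.9.0 (no fix yet); `widgetcore` 1.0.4 is exactly the fixed version and is not flagged. The "unassessable" status is the part most checkbox-style SBOM programs omit: a component entry without a version cannot be matched against any advisory, and a report that quietly drops it overstates the organization's visibility.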