Introducing SBOMit: adding verification to SBOMs


Associate Professor Justin Cappos is part of a team that recently launched SBOMit, a tool that adds in-toto attestations to SBOMs (Software Bills of Materials). An SBOM tracks the list of components, akin to ingredients, that constitute a software package. The SBOMit specification is already available on GitHub, and the team plans to onboard new stakeholders, reach out to early adopters, and collaborate with stakeholders to finalize the SBOMit Phase 1 specification.