By providing a list of software components, known as the Software Bill of Materials (SBOM), global cybersecurity company Kaspersky is enhancing the ways in which it ensures the integrity of its products, and helps customers and partners understand what’s inside the company’s products and software architecture.
Rapid digitalization of business processes is taking place in increasingly complex networks that rely on multiple software products. In turn, this has resulted in the growth of ICT supply chain security risks. According to a report by the European Union Agency for Cybersecurity (ENISA), supply chain attacks are on the rise in 2021. Enterprises have also found data breach incidents involving shared data with suppliers to be the costliest breaches in 2021, reaching 1.4 million USD. These numbers highlight the need to bring more transparency to the components and connections within and across software supply chains to ensure the integrity and trustworthiness of digital infrastructure that businesses rely on. One such measure to support businesses and provide even stronger assurance in the security and integrity of cybersecurity solutions – SBOM – has been introduced globally by Kaspersky.
SBOM is the documentation describing the parts which make up software, providing a list of all their components, information about them, and the relationships between them. An emerging good practice in the industry, SBOM enhances software transparency and improves visibility into software composition and architecture to encourage the building of a reliable and trustworthy digital infrastructure.
Being at the forefront of transparency in the cybersecurity industry, Kaspersky has introduced SBOM to empower its customers and partners with up-to-date information about components and ensuring product security while also performing necessary ICT supply chain risk management practices. It also represents the next step in further implementing baseline recommendations for the security of digital products, which Kaspersky and other industry partners discuss within the Geneva Dialogue on Responsible Behavior in Cyberspace – a global initiative led by the Swiss Federal Department of Foreign Affairs (FDFA), and implemented by the DiploFoundation.
“SBOM is a step forward in enhancing the security and integrity of software supply chains. It helps software manufacturers to be transparent about software components, raising users’ visibility and awareness on which “ingredients” a piece of software includes. By introducing SBOM globally, our customers and partners can be confident trusting Kaspersky cybersecurity solutions and having all the necessary information on how our solutions are designed, what they include and how they function,” comments Oleg Abdurashitov, Head of Public Affairs at Kaspersky.
“Moreover, maintaining and providing SBOMs indicates that software manufacturers have the necessary organizational controls and knowledge to support their customers in building reliable and trusted digital infrastructure,” he adds.
SBOM is available at Kaspersky’s Transparency Centers which operate in four countries. Customers and partners can view SBOMs for particular products by requesting access to our Transparency Centers – both virtually and physically – by email via TransparencyCenter@kaspersky.com. Information about access to the facilities can be found on the dedicated webpage. Kaspersky experts will also be ready to address any questions our partners and customers might have in applying the SBOM data.
To learn more about Kaspersky’s Global Transparency Initiative, please visit the website.