Software Bill of Materials (SBOM)

Supporting SBOM adoption across the energy sector community

The Energy Sector Software Bill Of Materials (SBOM) Proof of Concept (POC) effort is a partnership between DOE CESER and the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to develop and explore the application of SBOMs within energy sector environments. Using an open, transparent, consensus-based process, this diverse stakeholder group is developing tools, technologies, and use cases to catalyze SBOM adoption by technology vendors and asset owners in the energy sector.

The SBOM POC group has met monthly since April 2021 to advance SBOM development in the energy sector and share information with the stakeholder community.

Latest SBOM POC Meeting

Energy Sector BOM Collaboration Webinar

A collaborative webinar focused on sharing insights and strategies for effective partnership and innovation.

Meeting Video Library

Overview of SBOM Energy POC

Provides an overview of the SBOM work across a range of industries and communities during...

Framing Software Supply Chain Transparency

Provides a technical deep dive into what an SBOM is, the process for developing SBOMs,...

Lessons from Energy Community

Offers lessons from the field, including work with DOE’s CyTRICS program, supplier and customer perspectives...

Planning a POC for Energy Community

Explores the SBOM POC effort that later kicked off on April 26, 2021....

Proof of Concept Kickoff

Attendees may be interested in this review of SBOM use cases, and the benefits across...

Energy SBOM POC Charter

The Project Charter captures high level planning information (scope, deliverables, assumptions, etc.) about the SBOM...

Mural Synthesis Work

Agenda: To identify specific topics, use cases, and technology gaps the POC would like to...

Brainstorming

Healthcare Lessons Learned

Cooking Class: Jennings Aske of NY Presbyterian Medical Center and Jim Jacobson of Siemens Healthineers...

Minimum Elements for SBOM

Additional resources: NTIA SBOM Minimum Elements Report; The 2019 NTIA Healthcare SBOM POC; The Roles...

Use Cases – Part 1

This session will discuss use cases for SBOM....

Use Cases – Part 2

Part 2 - This session will discuss use cases for SBOM....

Making an SBOM

Cooking Class: Steve Springett, leader of the OWASP CycloneDX project, demonstrates how to create an...

SBOM Open Source

Cooking Class: Thomas Steenbergen of Here.com discusses how the European auto industry is now using...

SBOM and VEX

Cooking Show: Dr. Allan Friedman of CISA explains the concept and importance of the Vulnerabilities...

Juice Shop Demonstration

A detailed walkthrough of the SBOM elements within the Juice Shop open source product....

Healthcare Proof of Concept

Cooking Class: Presented by Tim Walsh of the Mayo Clinic...

All Hazards Analysis (AHA) VEXing

Michael Hoover demonstrates how to link SBOM and VEX-driven component-level risk analysis with systemic critical...

Energy SBOM Retrospective

A retrospective analysis of the past year of Energy SBOM work and brainstorming for the...

Venues for SBOM Discussion

A review of SBOM activities from the past year and a preview of discussion opportunities and path...

SBOM Transports

Energy Sector Software Bill of Materials discussion: survey results of software bill of materials transports....

Debrief of S4 SBOM Exercise

Discusses exercises and feedback from the S4x22 conference session; CISA working group updates and CycloneDX...

VEX Energy Overview

An update to VEX vulnerabilities and some tricks for addressing them....

How to Build SBOM from Binaries

Using CyTRICS program research to tell a "round-about" story of SBOMs....

Towards SBOMs in the Nuclear Industry

A recording of DOE's bi-weekly meeting on SBOMs....

Discussion of SBOMs at Microsoft and Google

Adrian Digilio from Microsoft discusses Microsoft’s Open Source SBOM Tool and Isaac Hepworth from Google...

Sharing SBOMs

S4x23 SBOM Challenge Overview and Outcomes

Recap of the S4x23 Software Bill of Materials (SBOM) challenge along with the results....

SBOM Sharing Lifecycle Report

How are you using SBOMs today?

“Wind Supply Chain Security” and “SBOM Regulations”

SBOM Use Cases and CyMANII

Cyber Labeling and SBOM Comparison

Automating SBOMs and Lessons Learned from generating BOMs for CyTRICS

Energy Sector BOM Collaboration Webinar

A collaborative webinar focused on sharing insights and strategies for effective partnership and innovation....

Additional Resources

The National Telecommunications and Information Administration (NTIA) led an early multi-stakeholder effort to develop informational and technical resources for SBOMs from 2018 to 2021.

Click Learn More to review these foundational resources.

The Energy SBOM POC effort is a partnership between DOE CESER and DHS CISA. CISA is leading other SBOM-related efforts that inform and draw from this work.

Click Learn More to review the CISA workstreams and resources.

April 30, 2021

Auburn University’s McCrary Institute hosted a panel discussion on growing policy support for BOMs, implementation challenges, and strategic use cases. Panelists include representatives from DOE, Idaho National Laboratory, NTIA, Unisys, and Microsoft Azure.

CESER Partners with CISA to Release New Framework for Software Bill of Materials Sharing.

Sponsor and Participating Organizations

For questions or comments on this standards search, please contact us at [email protected].