Inventive OWASP CycloneDX v1.5 Ushers in New BOM Standard, Aiding Transparency & Compliance in Tech Sphere

The eminent Open Worldwide Application Security Project (OWASP) has declared the release of its newest standard, OWASP CycloneDX version 1.5. This novel innovation in the Bill of Materials (BOM) sphere specifically addresses transparency and compliance afflictions in the software business.

Distinguished from its predecessors, CycloneDX v1.5 extends its reach by integrating ML transparency (ML-BOM), Formulation (MBOM), and amping up the assistance for SBOM quality markers.

The expansive nature of this edition makes the BOM more competent, elevating its assistive capabilities for hardware, software, and services beyond the existing levels. The cornerstone of this development lies in armoring organizations with a well-built mechanism to detect and alleviate supply chain risks.

The advent of ML-BOM manifests as a significant leap forward in the BOM technology realm, offering substantial benefits for software developers. It gives CycloneDX the power to offer crucial insights pertaining to the machine learning models employed in various software systems. This heightened transparency extends a complete overview of the training and deployment techniques for the stakeholders, thereby ensuring accountability and promoting ethical AI practices.

Matt Rutkowski, who takes on the roles of OWASP Maintainer and CycloneDX Contributor at IBM, expressed his thoughts on the new release. He said, “The launch of the current CycloneDX specification outlines a significant benchmark for any company, keenly aware of cybersecurity, striving to develop mature BOMs that collate essential data to tackle security risk and compliance evaluations.” He singled out its effectiveness especially in sectors embracing Continuous Integration and Delivery (CI/CD) or the engineering processes associated with BOM’s subject—be it software, hardware, or service.

To assist organizations in leveraging SBOMs optimally, CycloneDX has unleashed the first edition of a series of guides. Titled “Authoritative Guide to SBOM, Implement and Optimize Use of Software Bill of Materials”, the guide is now made available for access by all. This exhaustive 60-page manuscript delves into both basic and intricate topics, promising a host of benefits for all organizations.

Simultaneous to the unveiling of CycloneDX v1.5, OWASP has kickstarted the development processes for CycloneDX v1.6. The forthcoming version plans to introduce the Cryptography Bill of Materials (CBOM) to the conventional standard.

With the advancement of no-code, low-code tools like AppMaster, even more, uncomplicated methods to develop and implement cybersecurity principles could indeed be on the horizon. As a company that creates backend, web, and mobile applications, AppMaster is part of this shift, contributing to a safer digital landscape.