By providing a list of software components, known as the
Software Bill of Materials (SBOM), global cybersecurity company Kaspersky
is enhancing the ways in which it ensures the integrity of its products, and
helps customers and partners understand what's inside the company's products
and software architecture.

Rapid digitalization of business processes is taking place
in increasingly complex networks that rely on multiple software products. In
turn, this has resulted in the growth of ICT supply chain security risks.
According to a report
by the European Union Agency for Cybersecurity (ENISA), supply chain attacks
are on the rise in 2021. Enterprises have also found data breach incidents
involving shared data with suppliers to be the costliest breaches in 2021, reaching 1.4 million USD. These
numbers highlight the need to bring more transparency to the components and
connections within and across software supply chains to ensure the integrity
and trustworthiness of digital infrastructure that businesses rely on. One such
measure to support businesses and provide even stronger assurance in the
security and integrity of cybersecurity solutions - SBOM - has been introduced
globally by Kaspersky.

An SBOM is documentation describing the parts that make up a piece of software: a list of all its components, information about them, and the relationships between them. An emerging good practice in the industry, SBOM
enhances software transparency and improves visibility into software
composition and architecture to encourage the building of a reliable and
trustworthy digital infrastructure.

Being at the forefront of transparency in the cybersecurity
industry, Kaspersky has introduced SBOM to empower its customers and partners with
up-to-date information about components and to ensure product security while
also performing necessary ICT supply chain risk management practices. It also
represents the next step in further implementing baseline recommendations for
the security of digital products, which Kaspersky and other industry partners
discuss within the Geneva Dialogue on
Responsible Behavior in Cyberspace - a global initiative led by the
Swiss Federal Department of Foreign Affairs (FDFA), and implemented by the
DiploFoundation.

"SBOM is a step forward in enhancing the security and
integrity of software supply chains," comments Oleg Abdurashitov, head of
public affairs at Kaspersky. "It helps software manufacturers to be
transparent about software components, raising users' visibility and awareness
on which 'ingredients' a piece of software includes. By introducing SBOM
globally, our customers and partners can be confident trusting Kaspersky
cybersecurity solutions and having all the necessary information on how our
solutions are designed, what they include and how they function."

"Moreover, maintaining and providing SBOMs indicates
that software manufacturers have the necessary organizational controls and
knowledge to support their customers in building reliable and trusted digital
infrastructure," he adds.

SBOM is available at Kaspersky's Transparency Centers which
operate in four countries. Customers and partners can view SBOMs for particular
products by requesting access to our Transparency Centers - both virtually and
physically - by email via TransparencyCenter@kaspersky.com.
Information about access to the facilities can be found on the dedicated webpage.
Kaspersky experts will also be ready to address any questions our partners and
customers might have in applying the SBOM data.

To learn more about Kaspersky's Global Transparency
Initiative, please visit the website.