Software Bill of Materials: A Catalyst to a More Secure Software Supply Chain​

Abstract

This MBA innovation capstone project investigates cyber supply chain security, emphasizing targeted incidents within the United States. It encompasses Hacking for Defense (H4D), innovation capstone initiatives, and system dynamics modeling, culminating in Minimum Viable Product (MVP) development. Aligned with the "Back-to-Basics" restructuring initiative and Executive Order 14028, the research aims to enhance cyber supply chain security in line with three core objectives: validating the EITaaS Program Office's problem statement, identifying potential solutions, and offering informed recommendations. Methodologies include the Lean Launchpad, working groups, the goals-decisions-signals-data model, and system dynamics. Findings present advanced tools for EITaaS Supply Chain Risk Management, with implications for national security. The study underscores the importance of Software Bills of Materials (SBOMs) in DOD's software supply chain risk management. Effective SBOM implementation is crucial for strengthening the nation's cyber defense infrastructure. The research outlines a roadmap for improving cyber supply chain security, reducing cyberattacks, and minimizing economic losses, advocating for the implementation of an SBOM policy. It concludes with actionable recommendations for SBOM implementation, covering education, collaboration, best practices, process framework development, and DOD-specific SBOM standards.