On September 3, 2025, the National Cyber and Information Security Agency of the Czech Republic (NÚKIB) joined the document ‘A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity’, issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) together with the National Security Agency (NSA) and additional international partners. The document was developed within the Global SBOM Forum, which aims to promote the broader use of this tool in practice, and of which NÚKIB has been an active member on behalf of the Czech Republic since early 2025.
An SBOM (Software Bill of Materials) can be understood as a ‘list of ingredients’ for software – a machine-readable record of all the components and libraries used in its development. At a time when modern software increasingly relies on external and open-source components, an SBOM represents a fundamental step toward greater supply chain transparency and, consequently, better protection against cyber threats. If a vulnerability is discovered in a particular component, an SBOM makes it possible to determine quickly where exactly that component is used and to take targeted measures. The result is faster updates, more stable digital services that citizens and institutions rely on daily, and more efficient spending on software maintenance and auditing. For the protection of critical infrastructure and of services with a direct impact on public safety, this transparency is of crucial importance.
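To make the ‘where exactly is it located’ step concrete, the following added example (not part of the NÚKIB announcement or of the CISA/NSA document) parses a small constructed SBOM in a CycloneDX-like JSON shape, matches its components against a constructed advisory by package URL and version, and then walks the SBOM's dependency graph to show the path from the product down to the affected library. Every product, library, version and advisory identifier here is invented for illustration; the assumed advisory format (ecosystem, package name, fixed version) stands in for whatever vulnerability feed an organisation actually uses.

```python
"""Locate a vulnerable component in a CycloneDX-style SBOM.

Added example with constructed data: the SBOM, the product, the library
names and the advisory below are all invented for illustration.
"""
import json
from typing import Dict, List, Optional

# Constructed SBOM using a subset of CycloneDX 1.5 fields
# (metadata.component, components, dependencies, bom-ref, purl).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {
    "component": {"type": "application", "name": "citizen-portal",
                  "version": "3.2.0", "bom-ref": "app:citizen-portal@3.2.0"}
  },
  "components": [
    {"type": "library", "name": "web-framework", "version": "5.1.0",
     "bom-ref": "pkg:pypi/web-framework@5.1.0", "purl": "pkg:pypi/web-framework@5.1.0"},
    {"type": "library", "name": "acme-logger", "version": "2.4.3",
     "bom-ref": "pkg:pypi/acme-logger@2.4.3", "purl": "pkg:pypi/acme-logger@2.4.3"},
    {"type": "library", "name": "yaml-reader", "version": "1.0.2",
     "bom-ref": "pkg:pypi/yaml-reader@1.0.2", "purl": "pkg:pypi/yaml-reader@1.0.2"}
  ],
  "dependencies": [
    {"ref": "app:citizen-portal@3.2.0",
     "dependsOn": ["pkg:pypi/web-framework@5.1.0", "pkg:pypi/yaml-reader@1.0.2"]},
    {"ref": "pkg:pypi/web-framework@5.1.0", "dependsOn": ["pkg:pypi/acme-logger@2.4.3"]},
    {"ref": "pkg:pypi/acme-logger@2.4.3", "dependsOn": []},
    {"ref": "pkg:pypi/yaml-reader@1.0.2", "dependsOn": []}
  ]
}
"""

# Constructed advisory in an assumed, simplified shape: every release of
# acme-logger on PyPI below 2.5.0 is affected.
ADVISORY = {"id": "EXAMPLE-ADV-0001", "ecosystem": "pypi",
            "name": "acme-logger", "fixed_in": "2.5.0"}


def parse_version(text: str) -> tuple:
    """Turn a dotted numeric version such as '2.4.3' into a comparable tuple."""
    return tuple(int(part) for part in text.split("."))


def find_affected(sbom: dict, advisory: dict) -> List[dict]:
    """Return the SBOM components whose purl names the advisory's package
    and whose version is below the fixed version."""
    prefix = f"pkg:{advisory['ecosystem']}/{advisory['name']}@"
    fixed = parse_version(advisory["fixed_in"])
    return [c for c in sbom.get("components", [])
            if c.get("purl", "").startswith(prefix)
            and parse_version(c["version"]) < fixed]


def dependency_path(sbom: dict, target_ref: str) -> Optional[List[str]]:
    """Depth-first walk from the top-level product through the SBOM's
    'dependencies' graph; returns the chain of bom-refs that pulls in
    target_ref, or None if it is not reachable from the product."""
    edges: Dict[str, List[str]] = {
        d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])
    }
    root = sbom["metadata"]["component"]["bom-ref"]

    def walk(ref: str, path: List[str], seen: set) -> Optional[List[str]]:
        if ref == target_ref:
            return path
        seen.add(ref)  # guards against cycles in a malformed SBOM
        for child in edges.get(ref, []):
            if child not in seen:
                found = walk(child, path + [child], seen)
                if found:
                    return found
        return None

    return walk(root, [root], set())


def locate(sbom_json: str, advisory: dict) -> List[dict]:
    """Parse the SBOM and report each affected component with its inclusion path."""
    sbom = json.loads(sbom_json)
    return [{"advisory": advisory["id"], "purl": comp["purl"],
             "path": dependency_path(sbom, comp["bom-ref"])}
            for comp in find_affected(sbom, advisory)]


if __name__ == "__main__":
    for finding in locate(SBOM_JSON, ADVISORY):
        print(finding["advisory"], "affects", finding["purl"],
              "via", " -> ".join(finding["path"]))
```

The inclusion path is the part that turns an SBOM from a flat inventory into an actionable answer: here the vulnerable library is not a direct dependency of the product but arrives through the web framework, so the fix has to be applied or requested one level up. A production tool would take its advisories from a real vulnerability feed and use a proper version-range comparison, but the matching and graph walk stay the same.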
The published document emphasizes that the widespread adoption of SBOM is an essential step toward creating software in line with the secure-by-design principle – ensuring that security is integrated from the very beginning. It also calls for the alignment of technical standards across countries and sectors so that SBOMs work consistently, remain interoperable, and can be deployed at scale. A common framework will help reduce complexity, increase efficiency, and, above all, strengthen trust in the digital environment.
‘Today’s software is becoming increasingly complex and often consists of hundreds of components originating from various sources and libraries. SBOM brings essential transparency into this complex environment and clearly shows what the software is made of. I regard SBOM as a key step toward creating truly secure and resilient software – already from its design. At the same time, this approach contributes to building an environment in which citizens and institutions can rely with greater confidence on the technologies that power modern software,’ said Lukáš Kintr, Director of NÚKIB.
Full report
2025-09-03