Exploited: The Cyber Truth

What the 2025 SBOM Minimum Elements Mean for Software Supply Chain Security


CISA and DHS have raised the bar for software transparency with the first major update to the Minimum Elements for an SBOM since 2021—expanding what every software supplier must disclose. But what does this really mean for developers, embedded system teams, and security leaders trying to protect critical infrastructure?

In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security’s Kelli Schwalm and CEO Joseph Saunders to unpack the technical and strategic impact of the 2025 SBOM draft.

Kelli explains key additions like component hashes, generation context, and transitive dependencies, and how they improve accuracy and traceability. Joe connects the dots to the bigger picture—how richer SBOMs enable resilience, transparency, and safer disclosure practices across the software supply chain.

Together, they explore:

  • Why new SBOM data fields (like hashes and license metadata) matter for risk mitigation
  • The ongoing challenges of SBOMs for embedded and C/C++ systems
  • How stronger visibility supports secure vulnerability disclosure and compliance
  • Why SBOMs are evolving from check-box compliance to core resilience tools

Whether you manage embedded software, oversee product security, or shape compliance policy, this episode reveals how the 2025 SBOM Minimum Elements is set to reshape software assurance for years to come.


Exploited: The Cyber Truth, by RunSafe Security