5 September 2025
An SBOM is a formal record of the details and supply chain relationships of various components used in building software. It can also be thought of as a “list of ingredients” for software. SBOMs have emerged as a key tool to address challenges in securing software because of the visibility they provide into the components of software.
The authoring organisations aim to further inform producers of software, choosers of software (i.e. organisations procuring software), and operators of software about the advantages of integrating SBOM generation, analysis, and sharing into security processes and practices. SBOM adoption is an integral condition for software to be secure by design. Widespread adoption of SBOM will also strengthen security, reduce risk, and decrease costs.
The NCSC and its international partners understand the value of SBOM in securing the software supply chain and recognise the need for greater transparency in software development.
We encourage producers, choosers, and operators of software across the software ecosystem in New Zealand to familiarise themselves with this guidance and apply the best practices.
Read the full guidance here.
If you have any questions about this guidance, contact info@ncsc.govt.nz.