Joint Guidance

A Shared Vision of Software Bill of Materials (SBOM) for Cybersecurity

The National Cyber Security Centre (NCSC) has joined the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and other international partners to release guidance for a shared vision of Software Bill of Materials (SBOM) and the value that increased software component and supply chain transparency can offer to the global community.

5 September 2025

An SBOM is a formal record of the details and supply chain relationships of various components used in building software. It can also be thought of as a “list of ingredients” for software. SBOMs have emerged as a key tool to address challenges in securing software because of the visibility they provide into the components of software.

The authoring organisations aim to further inform producers of software, choosers of software (i.e. organisations procuring software), and operators of software about the advantages of integrating SBOM generation, analysis, and sharing into security processes and practices. SBOM adoption is an integral condition for software to be secure by design. Widespread adoption of SBOM will also strengthen security, reduce risk, and decrease costs.

The NCSC and its international partners understand the value of SBOM in securing the software supply chain and recognise the need for greater transparency in software development.

We encourage producers, choosers, and operators of software across the software ecosystem in New Zealand to familiarise themselves with this guidance and apply the best practices.

Read the full guidance here.

If you have any questions about this guidance, contact info@ncsc.govt.nz.