White Paper

DATA NORMALIZATION CHALLENGES AND MITIGATIONS IN SOFTWARE BILL OF MATERIALS (SBOM) PROCESSING

29 pages

MITRE’s white paper for medical device makers outlines the data normalization challenges in processing Software Bills of Materials (SBOMs), which are vital for cybersecurity and FDA compliance. The issues stem from varied SBOM maturity, inconsistent naming, formats, encoding, and dates, and from multiple “sources of truth.” They affect attributes such as component and supplier names, versions, and vulnerabilities, and risk producing both false positives and false negatives in vulnerability matching. Mitigations include canonical naming, alias databases, tooling, centralized repositories, and contract requirements for standardized SBOMs. The paper urges ecosystem-wide evolution of standards, better tooling, and industry collaboration to ensure accurate, scalable SBOM generation and use.