This report, authored by members of the IoT Security Foundation Supply Chain Working Group and published in February 2023, explains the importance of Software Bills of Materials (SBOMs) in IoT security. It illustrates their significance by highlighting past vulnerabilities that resulted from third-party software elements within IoT devices. Notably, the report emphasizes that a significant portion of an IoT device’s source code originates from existing code maintained by third-party providers, which calls for improved risk management practices. In response, the report outlines solutions to these software supply chain challenges, including the adoption of standards, processes for sharing SBOMs, and tools for generating and maintaining SBOMs.
Keywords: Control & Monitoring Equipment/Sensors, Cybersecurity/Privacy, Internet of Things (IoT)