SBOM business case
An SBOM can practically deliver on the following business cases:
Risk type | Use case |
---|---|
Software vulnerability risk | Does my system have any critical vulnerabilities? A new critical CVE is announced in component X - which of my systems are impacted? |
Export risk | Does my inventory contain any Foreign Ownership, Control, or Influence (FOCI) issues? |
Licensing risk | Does my inventory contain any licensing risks - e.g. GPL pollution? |
Support risk | Under CSA (or other) regulations, what software support liabilities exist through dependencies on external (open source?) systems? |
Note: can we think of any more?
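
As an added example (not part of the original page), the sketch below shows how an SBOM inventory answers two of the questions in the table: which systems ship component X below a fixed version, and which systems include GPL-licensed components. The SBOMs are constructed, minimal CycloneDX-style JSON; the system names, component names (`libexample`, `fastparse`, `imgtool`) and versions are assumptions made up for illustration.

```python
import json

# Constructed sample inventory: one minimal CycloneDX-style SBOM per system.
RAW_SBOMS = [
    '{"metadata": {"component": {"name": "billing-api"}}, "components": ['
    '{"name": "libexample", "version": "2.4.1", "licenses": [{"license": {"id": "MIT"}}]},'
    '{"name": "fastparse", "version": "1.0.0", "licenses": [{"license": {"id": "GPL-3.0-only"}}]}]}',
    '{"metadata": {"component": {"name": "web-portal"}}, "components": ['
    '{"name": "libexample", "version": "2.5.0", "licenses": [{"expression": "MIT OR Apache-2.0"}]}]}',
    '{"metadata": {"component": {"name": "batch-worker"}}, "components": ['
    '{"name": "libexample", "version": "2.3.9"},'
    '{"name": "imgtool", "version": "0.9.2", "licenses": [{"license": {"id": "LGPL-2.1-only"}}]}]}',
]
SBOMS = [json.loads(doc) for doc in RAW_SBOMS]


def system_name(sbom):
    return sbom["metadata"]["component"]["name"]


def version_key(version):
    # Assumption: plain dotted numeric versions; real inventories need a
    # scheme-aware comparator (semver, Debian, Maven, ...).
    return tuple(int(part) for part in version.split("."))


def impacted_systems(sboms, component, fixed_in):
    """Systems shipping `component` at a version older than `fixed_in`."""
    hits = [(system_name(s), c["version"])
            for s in sboms for c in s.get("components", [])
            if c["name"] == component
            and version_key(c["version"]) < version_key(fixed_in)]
    return sorted(hits)


def copyleft_findings(sboms, prefixes=("GPL-", "AGPL-")):
    """(system, component, license id) for components under GPL/AGPL ids."""
    hits = []
    for s in sboms:
        for c in s.get("components", []):
            for entry in c.get("licenses", []):
                # SPDX expressions (entry["expression"]) are not parsed here.
                lic = entry.get("license", {}).get("id", "")
                if lic.startswith(prefixes):
                    hits.append((system_name(s), c["name"], lic))
    return sorted(hits)


if __name__ == "__main__":
    print(impacted_systems(SBOMS, "libexample", "2.5.0"))
    print(copyleft_findings(SBOMS))
```

Components with no license data (such as `libexample` in `batch-worker`) produce no finding here; in a real inventory, missing license fields are worth reporting as their own gap.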