OpenChain ISO 5230 Software Bill of Material Mapping

OpenChain Software Component Mapping
Software Bill of Material (SBOM) Mapping

A Software Bill of Material (SBOM) is a record of all the software components and their dependencies used in a software application, including open-source libraries, third-party software, and Application Programming Interfaces (APIs).

SBOMs play a critical role in application security and business continuity by providing:

Users with full and clear visibility into the sub-processors in their data supply chains, their risk postures, and potential vulnerabilities, strengthening their cyber security

Software developers with a clear and accurate view of the components used in their applications, their dependencies, and any potential vulnerabilities those components may contain

Compliance auditors with mapped-out records of sub-processor compliance postures for efficient, effective, and auto-assisted compliance auditing, delivering over 60% gains in audit efficiency and cost

Vendor risk management with a single point of reference for vendor compliance certificates, corporate policies, licenses, and copyright dependencies. Automatic alerts on non-compliance events identify vulnerability and risk, allowing pre-emptive action in advance of a breach or cyber-attack.

P3 Audit uses circular clustering logic to discover and authenticate active sub-processors in a distributed data supply chain. This ensures full visibility of the circularity of a supply chain, giving industry regulators confidence that no touch point in a data and software supply chain is left out. Only once this information is known can software security measures be implemented to identify and respond effectively to the various approaches used in cyber threats.

Download ISO 5230 Requirements