SBOM Generation for Embedded Firmware: SPDX and the CycloneDX Comparison

Software bills of materials are required for some government contracts and increasingly expected for any product with security claims. Generating a useful SBOM for embedded C firmware.

Overview

This note is part of the field-notes archive generated for this site. The summary below is the published excerpt; you can expand the full write-up anytime in the CMS.

Related notes

Security Tradeoffs Engineering Roadmap
Component Substitution Supply Chain

SBOM Generation for Embedded Firmware: SPDX and the CycloneDX Comparison

Overview

Related notes

Tags

Tags

Manish Bookreader

You Might Also Like

Attention Is All You Need: Notes Seven Years Later

Post-Quantum Cryptography in Embedded Systems: CRYSTALS-Kyber on Cortex-M4

Designing for Debuggability: The System Properties That Make 2 AM Easier