Spectra Assure Free Trial
Get your 14-day free trial of Spectra Assure for Software Supply Chain Security
Get Free TrialMore about Spectra Assure Free TrialA CBOM, or Cryptographic Bill of Materials, is a comprehensive inventory that catalogs all cryptographic elements used within a software application, system, or product. This includes encryption algorithms, key lengths, certificate chains, libraries, protocols, and even policy configurations. A CBOM helps identify how and where cryptographic techniques are applied, and whether those implementations meet modern security standards.
CBOMs are particularly critical for managing cryptographic hygiene, avoiding deprecated algorithms (e.g., SHA-1), and preparing for future risks like quantum computing.
Cryptographic assets are fundamental to data privacy, secure communications, and digital trust. However, misused, outdated, or improperly configured cryptography can expose private data, intellectual property, communications, services, authentication and access.
Advances in quantum computers are likely to make traditional cryptography mechanisms unsafe to use in the 2030s. This necessitates migration to more secure ways of protecting digital infrastructure and services, especially organizations in highly regulated sectors like finance, healthcare, government, and aerospace. CBOMs are valuable for migration planning, providing insight into systems, services, applications and software components that leverage cryptography.
CBOMs allow organizations to:
CBOMs are created by analyzing the software stack using static code analysis, dynamic inspection, binary scanning, or configuration reviews. CBOMs can be produced as part of secure development workflows or during third-party software evaluations.
CBOMs can capture information about:
CBOMs provided in a standardized, machine-readable format enable automated analysis such as checking for policy compliance.

RL recently discovered active Microsoft 365 device code phishing. Here's a walkthrough of how our researchers found the campaign.

While this repository vector is not new, researchers have uncovered a new twist for exploiting trusted metrics to hide malicious code.

Explore the new Gartner® Magic Quadrant™ for software supply chain security and learn why ReversingLabs is recognized.