Today, Lineaje is proud to introduce the industry’s first comprehensive SBOM Exchange, SBOM360 Hub, for the complex software distribution chain.
SBOM360 Hub connects software producers, software consumers (customers), and software sellers (sales organizations at software producers, software distributors, and software resellers), enabling them to publish, share, and use compliant SBOMs and related compliance artifacts.
As Executive Order 14028 takes effect starting September 2023, software producers and their distribution chain will see significant friction unless they can deliver SBOMs and linked attestation artifacts to their customers. This creates challenges for software sellers across the distribution chain as they scramble to acquire SBOMs from producers and share SBOMs and related artifacts with evaluators and buyers. Software consumers need access to their vendors’ SBOMs and related artifacts to evaluate them and assess compliance. The SBOM360 Hub addresses these needs directly.
With the SBOM360 Hub, organizations can manage their software distribution chain with a unified platform that enables frictionless sales between the producers and consumers of software.
Since all software is dynamic, the SBOM360 Hub provides automated notifications as software changes, new versions are released, or as new vulnerabilities, weaknesses, IOCs, etc. in the software become known. The SBOM360 Hub provides comprehensive security profiles of all open-source dependencies of these commercial products.
Users can search their SBOMs, their vendors’ SBOMs, and their entire dependency chain for vulnerabilities, threats, provenance, suppliers, or any of the more than 150 attributes providers give access to, in seconds.
The SBOM360 Hub assesses each version of every piece of software, so users can identify trends in the security profile of each software component, which enables better roadmap planning and collaboration across the software distribution chain.
The SBOM360 Hub has been designed with all stakeholders in the software distribution chain. SBOM360 Hub aligns visibility between software producers and software consumers while providing software sellers the match-making ability to ensure software commerce is not impacted. SBOM360 Hub creates a safe, transparent & collaborative exchange.
SBOM360 Hub is feature rich. Key features include:
Software producers can now publish SBOMs for their specific distribution chain with restricted sharing, ensuring their privacy. All SBOMs are encrypted if downloaded but visible to, and shareable with, all stakeholders.
SBOM360 Hub generates a compliance report (Does your SBOM meet EO14028 minimum compliance requirements?) and compliance artifacts (SDLC attestations and component-level attestations) for each version of each product ensuring that your distribution chain can continue to support your business seamlessly. These sets of documents are digitally linked and immutably notarized so the distribution chain and software consumers can use untampered, attested SBOMs that are tied to specific versions.
SBOM360 Hub allows organizations to publish their SBOMs and compliance artifacts at Minimum, Recommended, or Custom depths, giving agencies the ability to request more detailed information in compliance with Executive Order 14028.
Software producers offer multiple versions of the same product, configured differently: with features enabled and disabled, language support, specific compliance needs, various form factors, various operating systems supported, and various target segments. These versions are packaged and sold as SKUs through the distribution chain, and these SKUs are what software consumers, distributors, and resellers interact with.
With SBOM360 Hub, software producers can create and publish SBOMs for both their products and SKUs, which is useful for products that have multiple SKUs.
The SBOM360 Hub is a private, secure, and collaborative workspace for software producers, consumers, resellers, and distributors to participate in the ecosystem easily. New members can be invited with a single click, allowing for easy sharing across the distribution chain.
Software consumers now have the option to request their vendors’ SBOMs or be invited to access them. With SBOM360 Hub, just as software producers can now publish all their SBOMs to their entire distribution chain in one place, software consumers can now subscribe to their vendors’ SBOMs and manage their entire software supply chain in one location. They can also subscribe to specific notifications, such as when new versions are available or when new vulnerabilities are found. SBOM360 Hub assessment engines continuously scan all subscribed SBOMs and provide automated notifications for relevant updates, such as newly discovered critical vulnerabilities.
SBOM360 Hub allows for seamless software distribution while promoting collaboration and interaction between vendors and customers to improve the software that they both rely on.
The SBOM360 Hub upload API is compatible with any SBOM creation tool your organization may have chosen.
Start with a free trial as a software producer, consumer, distributor, reseller, or system integrator. SBOM360 Hub is very attractively priced for our early customers. Take a look at our website and start now.
SBOM360 Hub is available immediately for Early Access. Go to SBOM360Hub.com, create an account and get started.