Patent · US Active

Platform and method for assessment and verification of Software Bill of Materials (SBOM) and vulnerabilities across a software supply chain life cycle using blockchain

US11809575B1 · kind B1 · utility

Cited by: 2
References: 0
Claims: 11
Family size: 0

Assignee

Inventors

Key dates

Filing date: Apr 25, 2023
Grant date: Nov 7, 2023
Priority date
Expiry date: Apr 25, 2043

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/033
  • WIPO field: IT methods for management
  • WIPO sector: Electrical engineering

Abstract

Embodiments herein provide a blockchain-based platform and method for assessment and verification of Software Bill of Materials (SBOM) across a software supply chain life cycle using blockchain. The method comprises generating the SBOM automatically from a software source code to automate governance of a software asset using blockchain smart contracts; publishing the generated SBOMs to a permissioned blockchain through secure publish; automatically recording timestamps and ownership stamps to the published SBOMs; analysing the software asset for supply chain information to verify if the software asset meets the minimum policy requirements for compliance based on provenance, licensing, vulnerability and security criteria set by the company; determining if a third-party software component is approved for use in the company's applications based on policy and compliance rules; and identifying current vulnerabilities and potential remediation for software in use by the company.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.