Enhanced SBOM for Optimized Software Sustainment (E-BOSS)
Abstract
The Enhanced SBOM for Optimized Software Sustainment (E-BOSS) program is creating enhanced software bill of materials (eSBOM) technologies with new types of rich metadata and developing cyber reasoning algorithms and tools that leverage eSBOMs to defend against potential flaws during the software development process, as well as to triage and remediate flaws found in operation. The global impacts of flawed software deployed at scale (such as the Log4Shell vulnerability found in Log4j cloud and web app deployments, where mitigations took from one week to months and are not yet completed for a large percentage of systems) motivated the new SBOM requirements in Executive Order 14028. However, SBOMs alone cannot enable identification and mitigation of the flow of hostile data to the flaws in the code. E-BOSS will develop software technologies integrated with modern software build chains to enable rapid triage and remediation of vulnerabilities at the scale of national computing infrastructure. The enhanced metadata incorporated in the eSBOMs will enable tracing discovered flaw evidence back to its source: starting from a crash and walking back through complex inter-component interactions, transfers, and transformations to derive the vulnerability triggers. If successful, E-BOSS technologies will enable cyber reasoning for improved remediation and sustainment of large-scale software systems. The E-BOSS program is funded in PE 0601101E, Project CCS-02 and PE 0602303E, Project IT-03.
Document Details
- Document Type: Accomplishment
- Publication Date: Oct 01, 2025
- Source ID: 31ce91bc86939564d1aba118850ecacb