software bill of materials
About this tag
The software bill of materials (SBOM) tag on WindowsForum.com covers discussions about inventorying open-source components and tracking vulnerabilities in software supply chains. Recent content focuses on Microsoft's Azure Linux and how SBOMs help identify affected libraries during security advisories like CVE-2019-10638. Topics include attestation of included open-source code, the scope of vulnerability disclosures, and the importance of SBOMs for enterprise IT teams managing Linux-based Azure workloads. The tag is relevant for security professionals and system administrators who need to assess risk from upstream dependencies in Microsoft's Linux distributions.
Microsoft’s short MSRC entry — that “Azure Linux includes this open‑source library and is therefore potentially affected” — is accurate, but it is a scoped inventory attestation, not a blanket guarantee that no other Microsoft product carries the same vulnerable Linux code. The vulnerability in...