Axis Communications announces software bills of materials (SBOM) for AXIS OS, the Linux-based operating system used in most Axis devices. The goal is added focus on cybersecurity and improved transparency mainly for customers, security researchers and authorities.
Beginning with the January 2023 release of AXIS OS 11.2, every AXIS OS release will be complemented by an SBOM in CycloneDX-format. Each SBOM will transparently list all OpenSource and Axis-proprietary software components that comprise the AXIS OS release. Initially, due to current licensing and technical limitations, pre-compiled bundles, third-party proprietary components, and Axis-proprietary components with dependencies will be excluded. Axis will work to include these components in future releases.
So, what is an SBOM? Like a manufacturing or engineering bill of materials, a software bill of materials is an extensive, detailed list of all the components required to construct a software product – in this case Axis OS. It can also be compared to the list of ingredients on a food package: When you know the ingredients of the item, you know exactly what you’re buying. The principle is the same for software.
Key benefits of an SBOM include access to:
- A list of all components (including versions) that comprise a product
- A transparent inventory of the software supply chain
- Insight into known vulnerabilities that might affect components
- Insight into cybersecurity best practices applied by suppliers
- Valuable information for 3rd parties who specialize in vulnerability assessment, threat-analysis, and remediation plans
Johan Paulsson, CTO at Axis Communications comments, “Axis believe that long-term cybersecurity is built on trust and transparency. Supplying an SBOM for AXIS OS is yet another building block in our efforts to provide customers with transparent information about their Axis products.”
To access the SBOM for AXIS OS, users should follow standard procedure for downloading AXIS OS from www.axis.com. A new link will let users download and view the SBOM. They can then open it in a text editor and access all the information it contains.
Axis Communications is exploring how SBOMs apply to and can be provided for other Axis products in the future.