Australia: Cybersecurity and Infrastructure Security Agency and 17 international cybersecurity organisations' adopted guidance on Software Bill of Materials for cybersecurity

Description


On 3 September 2025, the United States' Cybersecurity and Infrastructure Security Agency and 17 international cybersecurity organisations, including the Australian Signals Directorate’s Australian Cyber Security Centre, Canadian Centre for Cyber Security, Japan’s National Cybersecurity Office, New Zealand’s National Cyber Security Centre and Korea Internet and Security Agency, adopted the guidance on Software Bill of Materials (SBOM) for cybersecurity. The guidance applies to software producers and operators across all sectors, including organisations that develop, acquire, or deploy software and manage software supply chains. It defines SBOMs as formal records of software components and supply chain relationships. It requires software producers to generate machine-processable SBOMs, and organisations to integrate SBOM generation, analysis, and sharing into their security processes, using automated tools to support vulnerability management and faster threat response.

Scope

Policy Area: Data governance
Policy Instrument: Cybersecurity regulation
Regulated Economic Activity: cross-cutting
Implementation Level: bi- or plurilateral agreement
Government Branch: executive
Government Body: other regulatory body

Complete timeline of this policy change

2025-09-03: adopted

On 3 September 2025, the United States' Cybersecurity and Infrastructure Security Agency and 17 int…