
Mesopotamian Roots of SBOM

We could blame Hammurabi for software supply chain hacking, but that would be unfair. The problem started long before his time. The die was cast when melting glaciers flooded the Arabian Sea.

Accounting for employees' beer, 3000BCE (image courtesy British Museum)

Since then, capable people have worked diligently on ways and means of tracking the goods and services needed to run cities and nations. Their standards and practices have been recorded in cuneiform, cursive, COBOL, and C++, on clay and parchment, punch cards and cloud. The history of those best efforts and common denominators, revisions and revolutions, litters the ground of Mesopotamia and fills the shelves of Harvard.

Still, let's blame poor old Hammurabi.

The time of Hammurabi was not the beginning of the codification of trade; the era itself was an emergent property of long-growing dynamics. Codifying human interaction proved worthwhile at that time and in that place: the added effort produced more wealth and more productivity. No doubt the Mesopotamian business world was full of second-guessing about these newfangled rules, and hastily inscribed clay certainly flew. How could goatherds survive if they had to tell their customers where they grazed, for Om's sake?

It is simple today to say who was right, but the debates of that day would sound very familiar to anyone involved in software supply chain changes now. How much productivity does this new accounting cost me? How do I protect my trade secrets? What keeps those running the system from misusing it? What language do we use, and what information does the vendor need to press into the clay?

That we stand today on a world built on a geological footing of clay tablets laid down by billions of hands over 500 generations gives some hope to the small supply chain tweaks underway now. Software Bills of Materials (SBOMs), Vulnerability Exploitability eXchange (VEX), and other "new" means and methods are informed by 10,000 years of practice. An SBOM carved into a clay tablet would not look unfamiliar to a merchant of Hammurabi's time.

Nobody was certain that Hammurabi was correct. There was no way to know in advance whether the new rules would be a drag on wealth or an opportunity to create more. Just so today, it remains to be seen whether software supply chain security brings only more cost or also opens doors to new business.
