The Department of Homeland Security (DHS) has been at the forefront of enhancing software supply chain security through its Software Bill of Materials (SBOM) initiatives. The SBOM is a comprehensive inventory of all components, libraries, and dependencies used in software development. This transparency is crucial for identifying potential vulnerabilities and mitigating risks associated with software supply chains.
At Purism, we work diligently with the Free/Libre and Open-Source Software (FLOSS) world, and our devices run PureOS, a Free Software Foundation (FSF) endorsed distribution using mainline Linux and a hybrid of Debian GNU/Linux. Purism’s articles of incorporation as a Social Purpose Corporation ensure that our entire SBOM is always released for audit, peer review, and the support of well-established software freedoms.
The source code for PureOS is freely available to anyone. This transparency ensures that a global community of developers can scrutinize the code, identify vulnerabilities, and contribute patches. Unlike proprietary systems, where security through obscurity is the norm, PureOS thrives on openness and collective vigilance.
PureOS adheres to and utilizes Debian’s rigorous security practices. Every package in the Debian repository undergoes thorough vetting before it is included in the official release. The Debian Security Team actively monitors for vulnerabilities, issuing timely updates and patches. This proactive approach minimizes the window of exposure to potential threats, ensuring that users remain protected.
PureOS is designed with a minimalistic approach, providing only essential services by default. This reduces the attack surface, limiting the number of potential entry points for attackers. Users have the flexibility to install additional packages as needed, ensuring that their system remains lean and secure.
DHS’s Science and Technology Directorate (S&T) has launched several initiatives to strengthen software supply chain visibility. One notable effort is the Silicon Valley Innovation Program (SVIP), which has awarded contracts to innovative companies to develop SBOM-based capabilities. These efforts aim to provide stakeholders with the tools needed to create a high-assurance software supply chain, enabling better visibility into software components and reducing the risk of cyber-attacks.
Purism, and the GNU/Linux software movement as a whole, has long understood that releasing the software source code (the Software Bill of Materials, or SBOM) has significant benefits to society, security, individual freedom, and privacy protection, primarily because it puts the owner and operator of a device in complete control, removing that control from proprietary developers who have proven not to have your best interest in mind.
The importance of SBOMs to national security cannot be overstated. By providing detailed visibility into the software supply chain, SBOMs help identify and address vulnerabilities that could be exploited by malicious actors. This is particularly critical for government agencies and critical infrastructure sectors, where a breach could have severe consequences.
At Purism, we are committed to complying with SBOM requirements and enhancing our software supply chain security.
DHS’s SBOM efforts are a vital component of national security, providing the transparency needed to protect against cyber threats. At Purism, we are dedicated to complying with these requirements and contributing to a more secure software ecosystem.
We leverage the robust security foundation of PureOS, Debian, and GNU/Linux to build our secure computing solutions. Our products, from laptops to smartphones, are designed with privacy and security at their core, powered by a secure and reliable framework. We ensure that our users benefit from the best of both worlds: the transparency and security of PureOS, coupled with Purism’s dedication to privacy and freedom.