#1685991: Manifest Misconceptions: Closing the Gaps in SCA-Based SBOMs - June 26, 2025

Description: As software supply chain attacks rise and regulations tighten, organizations are turning to SBOMs to manage risk.

But new ReversingLabs research reveals a major issue: SBOMs generated solely from manifests—common with SCA tools—miss nearly half of the actual components in deployed software. This blind spot leaves organizations exposed to hidden vulnerabilities, malware, and compliance risks.

Join ReversingLabs experts as we unpack key findings from our latest report, Manifest Misconceptions: The Gaps in SCA-Based SBOMs. Through real-world examples like NumPy, SolarWinds Orion, and 3CX, we’ll show how manifest-based SBOMs overlook critical and even malicious components.

You’ll learn:

  • Why manifest-driven SBOMs miss ~50% of components—and the risks that creates
  • How dynamic dependencies and modern build processes contribute to the gaps
  • What binary analysis reveals that manifests miss
  • How ReversingLabs Spectra Assure™ delivers complete SBOMs and risk insights

Don’t let your organization operate with a false sense of security. Discover practical steps to achieve true software supply chain transparency and resilience, beyond the manifest.

Register now to secure your spot! Attend live and receive an attendance certificate to be used towards CPE credits.
More info: https://www.reversinglabs.com/webinar/manifest-misconceptions-closing-the-gaps-in-sca-based-sboms

Date added June 11, 2025, 4:50 a.m.
Source Reversing Labs
Subjects
  • PodCasts / Webcast / Webinar / eSummit / Virtual Event etc.
  • Security Management/Strategic Security/ROI/ROSI - CISO and Higher Level
  • Software Bill of Materials (SBOM) / pipeline bill of materials (PBOM) / software composition analysis (SCA) tool
Venue June 26, 2025, midnight - June 26, 2025, midnight