{"id":42459,"date":"2026-01-28T08:50:32","date_gmt":"2026-01-28T08:50:32","guid":{"rendered":"https:\/\/wegg.it\/?p=42459"},"modified":"2026-02-06T10:41:34","modified_gmt":"2026-02-06T10:41:34","slug":"supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale","status":"publish","type":"post","link":"https:\/\/wegg.it\/eng\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/","title":{"rendered":"Supply chain software, vulnerabilities, and regulations: why SBOM is no longer optional"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"42459\" class=\"elementor elementor-42459\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-53e0c95 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"53e0c95\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-531edbf\" data-id=\"531edbf\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-8bb2f54 elementor-hidden-mobile elementor-view-default elementor-widget elementor-widget-icon\" data-id=\"8bb2f54\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"icon.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-icon-wrapper\">\n\t\t\t<div class=\"elementor-icon\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" xmlns:xlink=\"http:\/\/www.w3.org\/1999\/xlink\" id=\"Livello_1\" x=\"0px\" y=\"0px\" viewBox=\"0 0 92.25 92.25\" 
style=\"enable-background:new 0 0 92.25 92.25;\" xml:space=\"preserve\"><polygon points=\"90.25,2.93 90.25,88.84 1.41,0 0,1.41 88.84,90.25 2.93,90.25 2.93,92.25 92.25,92.25 92.25,2.93 \"><\/polygon><\/svg>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-5ee191b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"5ee191b\" data-element_type=\"section\" data-e-type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-2c6e3a6\" data-id=\"2c6e3a6\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-20926b3 elementor-widget elementor-widget-image\" data-id=\"20926b3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"800\" height=\"534\" src=\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE--1024x683.jpg\" class=\"attachment-large size-large wp-image-42464\" alt=\"Articolo Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale\" srcset=\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE--1024x683.jpg 1024w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE--300x200.jpg 300w, 
https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE--768x512.jpg 768w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE--1536x1025.jpg 1536w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE--18x12.jpg 18w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg 1587w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-025de72 elementor-widget elementor-widget-post-info\" data-id=\"025de72\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"post-info.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<ul class=\"elementor-inline-items elementor-icon-list-items elementor-post-info\">\n\t\t\t\t\t\t\t\t<li class=\"elementor-icon-list-item elementor-repeater-item-8dd652e elementor-inline-item\" itemprop=\"datePublished\">\n\t\t\t\t\t\t<a href=\"https:\/\/wegg.it\/eng\/2026\/01\/28\/\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-icon-list-text elementor-post-info__item elementor-post-info__item--type-date\">\n\t\t\t\t\t\t\t\t\t\t<time>January 28, 2026<\/time>\t\t\t\t\t<\/span>\n\t\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t<\/ul>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a3e7748 elementor-widget elementor-widget-theme-post-title elementor-page-title elementor-widget-heading\" data-id=\"a3e7748\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"theme-post-title.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h1 class=\"elementor-heading-title elementor-size-default\">Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element 
elementor-element-71e4747 elementor-widget elementor-widget-text-editor\" data-id=\"71e4747\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<h2><span class=\"TextRun SCXW217650739 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW217650739 BCX8\" data-ccp-parastyle=\"Normal (Web)\"><span class=\"TextRun SCXW88252914 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW88252914 BCX8\" data-ccp-parastyle=\"Normal (Web)\"><span class=\"TextRun SCXW553546 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW553546 BCX8\">Perch\u00e9 conoscere la composizione del software \u00e8 oggi un requisito essenziale<\/span><\/span><\/span><\/span><\/span><\/span><\/h2><p><em><span class=\"NormalTextRun SCXW101371748 BCX8\"><span class=\"TextRun SCXW143001908 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW143001908 BCX8\" data-ccp-parastyle=\"Normal (Web)\"><span class=\"NormalTextRun SCXW172112459 BCX8\" data-ccp-parastyle=\"Normal (Web)\"><span class=\"NormalTextRun SCXW136232475 BCX8\">Oggi la Software Bill of <\/span><span class=\"NormalTextRun SpellingErrorV2Themed SCXW136232475 BCX8\">Materials<\/span><span class=\"NormalTextRun SCXW136232475 BCX8\">\u00a0(SBOM) \u00e8 diventata uno strumento fondamentale per gestire\u00a0<\/span><span class=\"NormalTextRun SCXW136232475 BCX8\">la\u00a0<\/span><span class=\"NormalTextRun SCXW136232475 BCX8\">sicurezza,\u00a0<\/span><span class=\"NormalTextRun SCXW136232475 BCX8\">la\u00a0<\/span><span class=\"NormalTextRun SCXW136232475 BCX8\">compliance e\u00a0<\/span><span class=\"NormalTextRun SCXW136232475 BCX8\">il\u00a0<\/span><span class=\"NormalTextRun SCXW136232475 BCX8\">rischio nella supply chain software, soprattutto in un contesto in 
cui il riuso di componenti open source \u00e8 diffuso su larga scala. In questo articolo raccontiamo come, attraverso il nostro approccio, sia possibile automatizzare la raccolta e la gestione di queste informazioni, migliorando visibilit\u00e0 e resilienza.<\/span><\/span><\/span><\/span><\/span><\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-65a3c6e elementor-widget elementor-widget-text-editor\" data-id=\"65a3c6e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"none\"><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW77975179 BCX8\">Per anni la sicurezza del software \u00e8 stata affrontata come <\/span><\/span><strong><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW77975179 BCX8\">un problema prevalentemente tecnico<\/span><\/span><\/strong><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW77975179 BCX8\">, fatto di patch, firewall e controlli perimetrali. Oggi questa visione non \u00e8 pi\u00f9 sufficiente. Le applicazioni che utilizziamo e sviluppiamo non sono pi\u00f9 monoliti costruiti interamente in casa, ma<strong>\u202f<\/strong><\/span><\/span><strong><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW77975179 BCX8\">ecosistemi complessi<\/span><\/span><\/strong><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW77975179 BCX8\">, composti da librerie open source, componenti commerciali, servizi cloud, framework e moduli sviluppati da terze parti. 
<\/span><\/span><\/span><\/p><p><span data-contrast=\"none\"><span class=\"LineBreakBlob BlobObject DragDrop SCXW77975179 BCX8\">In questo contesto, la domanda non \u00e8 pi\u00f9 semplicemente \u201cil mio software \u00e8 sicuro?\u201d, ma piuttosto: \u201cdi cosa \u00e8 fatto il mio software e cosa comporta in termini di rischio, responsabilit\u00e0 e compliance?\u201d<\/span><\/span><\/p><p><span data-contrast=\"none\"><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW77975179 BCX8\">\u00c8 qui che entra in gioco la<strong>\u202f<\/strong><\/span><\/span><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><strong><span class=\"NormalTextRun SCXW77975179 BCX8\">Software Bill of\u00a0<\/span><span class=\"NormalTextRun SpellingErrorV2Themed SCXW77975179 BCX8\">Materials<\/span><\/strong><span class=\"NormalTextRun SCXW77975179 BCX8\">\u00a0<strong>(SBOM)<\/strong><\/span><\/span><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW77975179 BCX8\">: la distinta base del software, ovvero un inventario strutturato e interrogabile dei componenti che lo compongono. 
Quello che fino a poco tempo fa era un tema per addetti ai lavori sta rapidamente diventando <\/span><\/span><strong><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW77975179 BCX8\">una necessit\u00e0 trasversale<\/span><\/span><\/strong><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW77975179 BCX8\">, che riguarda tutte le organizzazioni,\u00a0<\/span><\/span><span class=\"TextRun SCXW77975179 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW77975179 BCX8\"><strong>non solo chi sviluppa software<\/strong>.<\/span><\/span><span class=\"LineBreakBlob BlobObject DragDrop SCXW77975179 BCX8\"><span class=\"SCXW77975179 BCX8\">\u00a0<\/span><br class=\"SCXW77975179 BCX8\" \/><\/span><\/span><\/p><p>\u00a0<\/p><h3><b><span data-contrast=\"none\"><span class=\"NormalTextRun SCXW70400778 BCX8\">Il software moderno \u00e8 una supply chain (anche quando sembra \u201csolo <\/span><span class=\"NormalTextRun SpellingErrorV2Themed SCXW70400778 BCX8\">un\u2019app<\/span><span class=\"NormalTextRun SCXW70400778 BCX8\">\u201d)<\/span><\/span><\/b><\/h3><p><span data-contrast=\"none\">Quando pensiamo a un\u2019applicazione, tendiamo ancora a immaginarla come\u00a0<\/span><b><span data-contrast=\"none\">un prodotto relativamente compatto<\/span><\/b><span data-contrast=\"none\">, sviluppato e controllato da\u00a0un singolo team. 
In realt\u00e0, il software moderno\u00a0<\/span><b><span data-contrast=\"none\">\u00e8 sempre pi\u00f9 simile a una<\/span><\/b><span data-contrast=\"none\">\u202f<\/span><b><span data-contrast=\"none\">supply chain<\/span><\/b><span data-contrast=\"none\">, paragonabile a quella di\u00a0<\/span><b><span data-contrast=\"none\">un prodotto industriale<\/span><\/b><span data-contrast=\"none\">.<\/span><\/p><p><span data-contrast=\"none\">Accanto al codice proprietario sviluppato internamente, un\u2019applicazione include oggi\u00a0<\/span><b><span data-contrast=\"none\">una quantit\u00e0 crescente di componenti esterni<\/span><\/b><span data-contrast=\"none\">: librerie open source, framework, runtime, SDK di terze parti, plugin e moduli forniti da vendor, componenti commerciali acquistati e integrati (COTS), oltre a servizi cloud, API e pacchetti provenienti da marketplace. Il risultato \u00e8 <\/span><b><span data-contrast=\"none\">un<\/span><\/b><span data-contrast=\"none\">\u202f<\/span><b><span data-contrast=\"none\">assemblato di elementi con origini diverse<\/span><\/b><span data-contrast=\"none\">, ciascuno con il proprio ciclo di vita, le proprie vulnerabilit\u00e0 e i propri vincoli di licenza.<\/span><\/p><p><b><span data-contrast=\"none\">Questa complessit\u00e0 \u00e8 amplificata dal modo in cui il software viene prodotto<\/span><\/b><span data-contrast=\"none\">. 
\u00c8 normale che\u00a0pi\u00f9 team\u00a0contribuiscano alla stessa applicazione \u2014 interni, fornitori, consulenti \u2014 e che gli stessi componenti vengano riutilizzati in pi\u00f9 progetti.\u00a0<\/span><b><span data-contrast=\"none\">Le dipendenze cambiano frequentemente<\/span><\/b><span data-contrast=\"none\">: nuove versioni, nuove librerie, nuove immagini container entrano in produzione con grande rapidit\u00e0.<\/span><\/p><p><span data-contrast=\"none\">Il vantaggio \u00e8 evidente:\u00a0<\/span><b><span data-contrast=\"none\">lo<\/span><\/b><span data-contrast=\"none\">\u00a0<\/span><b><span data-contrast=\"none\">sviluppo\u00a0\u00e8\u00a0pi\u00f9 veloce e\u00a0aumenta la\u00a0capacit\u00e0 di innovazione<\/span><\/b><span data-contrast=\"none\">. Il rovescio della medaglia \u00e8 altrettanto chiaro:\u202f<\/span><b><span data-contrast=\"none\">la superficie di rischio aumenta<\/span><\/b><span data-contrast=\"none\">. Ogni dipendenza rappresenta\u00a0<\/span><b><span data-contrast=\"none\">una possibile fonte di vulnerabilit\u00e0<\/span><\/b><span data-contrast=\"none\">, problemi di compatibilit\u00e0 o obblighi di licenza non gestiti. 
E ogni aggiornamento, se non governato con la giusta visibilit\u00e0, pu\u00f2 introdurre nuovi rischi.<\/span> <span data-contrast=\"none\">Trattare il software come una supply chain non \u00e8 quindi un esercizio teorico, ma\u00a0<\/span><b><span data-contrast=\"none\">una presa d\u2019atto necessaria<\/span><\/b><span data-contrast=\"none\">\u00a0per comprenderne davvero complessit\u00e0 e responsabilit\u00e0.<\/span><\/p><p>\u00a0<\/p><h3><strong><span class=\"TextRun SCXW137924333 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW137924333 BCX8\">Vulnerabilit\u00e0: quando il rischio si propaga a cascata<\/span><\/span><\/strong><\/h3><p><span data-contrast=\"none\"><strong><span class=\"TextRun SCXW74858392 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW74858392 BCX8\">Uno dei punti di forza dell\u2019open source \u00e8<\/span><\/span><span class=\"TextRun SCXW74858392 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW74858392 BCX8\">\u00a0<\/span><\/span><span class=\"TextRun SCXW74858392 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW74858392 BCX8\">il riuso<\/span><\/span><\/strong><span class=\"TextRun SCXW74858392 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW74858392 BCX8\">: componenti condivisi da migliaia di progetti accelerano lo sviluppo e favoriscono l\u2019innovazione. 
Allo stesso tempo, <\/span><\/span><strong><span class=\"TextRun SCXW74858392 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW74858392 BCX8\">questo modello crea<\/span><\/span><span class=\"TextRun SCXW74858392 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW74858392 BCX8\">\u00a0<\/span><\/span><\/strong><span class=\"TextRun SCXW74858392 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW74858392 BCX8\"><strong>un effetto moltiplicatore<\/strong> <strong>del rischio<\/strong><\/span><\/span><span class=\"TextRun SCXW74858392 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW74858392 BCX8\">. Quando emerge una vulnerabilit\u00e0 in un componente ampiamente diffuso, l\u2019impatto non \u00e8 circoscritto a un singolo prodotto, ma\u202f<\/span><\/span><strong><span class=\"TextRun SCXW74858392 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW74858392 BCX8\">si estende a interi ecosistemi software<\/span><\/span><\/strong><span class=\"TextRun SCXW74858392 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW74858392 BCX8\">.<\/span><\/span><span class=\"EOP SCXW74858392 BCX8\" data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:0,&quot;335559740&quot;:240}\">\u00a0<\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9acba6a elementor-widget elementor-widget-image\" data-id=\"9acba6a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Sbom_Immagine-scaled.png\" data-elementor-open-lightbox=\"yes\" 
data-elementor-lightbox-title=\"Sbom_Immagine\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6NDI0NTcsInVybCI6Imh0dHBzOlwvXC93ZWdnLml0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDI2XC8wMVwvU2JvbV9JbW1hZ2luZS1zY2FsZWQucG5nIn0%3D\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"800\" height=\"530\" data-src=\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Sbom_Immagine-1024x679.png\" class=\"attachment-large size-large wp-image-42457 lazyload\" alt=\"\" data-srcset=\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Sbom_Immagine-1024x679.png 1024w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Sbom_Immagine-300x199.png 300w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Sbom_Immagine-768x509.png 768w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Sbom_Immagine-1536x1019.png 1536w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Sbom_Immagine-2048x1358.png 2048w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Sbom_Immagine-18x12.png 18w\" data-sizes=\"(max-width: 800px) 100vw, 800px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 800px; --smush-placeholder-aspect-ratio: 800\/530;\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-05b4d76 elementor-widget elementor-widget-text-editor\" data-id=\"05b4d76\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"none\">In questi casi, il problema\u00a0<\/span><b><span data-contrast=\"none\">non \u00e8 tanto l\u2019esistenza della vulnerabilit\u00e0 in s\u00e9<\/span><\/b><span data-contrast=\"none\">\u00a0\u2014 le vulnerabilit\u00e0 sono inevitabili \u2014\u00a0<\/span><b><span data-contrast=\"none\">quanto la capacit\u00e0 di capire 
rapidamente\u202fse e dove\u202fquella vulnerabilit\u00e0 impatta la propria organizzazione<\/span><\/b><span data-contrast=\"none\">. Significa sapere se un componente \u00e8 utilizzato, in quale versione, se \u00e8 presente direttamente o come dipendenza indiretta, dove \u00e8 stato distribuito e chi lo ha introdotto lungo la catena di sviluppo o fornitura.<\/span><\/p><p><span data-contrast=\"none\">Eventi come Apache Struts nel 2017, Log4Shell nel 2021 o la vulnerabilit\u00e0 di cURL nel 2023 hanno mostrato con chiarezza questo meccanismo. In tutti questi casi, la differenza tra chi ha reagito in modo rapido ed efficace e chi ha faticato per settimane \u00e8 stata spesso una sola:\u202f<\/span><b><span data-contrast=\"none\">la visibilit\u00e0 sulla composizione del software<\/span><\/b><span data-contrast=\"none\">.<\/span><\/p><p><span data-contrast=\"none\">Le organizzazioni che sapevano esattamente\u00a0<\/span><b><span data-contrast=\"none\">cosa avessero in<\/span><\/b><span data-contrast=\"none\">\u00a0<\/span><b><span data-contrast=\"none\">produzione hanno potuto individuare rapidamente i punti di esposizione e intervenire<\/span><\/b><span data-contrast=\"none\">. Chi, invece, non disponeva di questa visibilit\u00e0 si \u00e8 trovato a cercare \u201cal buio\u201d, con impatti rilevanti su tempi, costi e rischio operativo. \u00c8 in questo contesto che la SBOM diventa <\/span><b><span data-contrast=\"none\">un vero<\/span><\/b><span data-contrast=\"none\">\u202f<\/span><b><span data-contrast=\"none\">acceleratore operativo<\/span><\/b><span data-contrast=\"none\">. 
Disporre di un inventario strutturato dei componenti software non elimina le vulnerabilit\u00e0, ma riduce drasticamente il tempo e l\u2019incertezza necessari per identificarle, valutarne l\u2019impatto e gestirle in modo mirato.<\/span><\/p><p>\u00a0<\/p><h3><b><span data-contrast=\"none\">Non \u00e8 solo sicurezza: SBOM significa anche compliance e responsabilit\u00e0<\/span><\/b><\/h3><p><span data-contrast=\"none\">Il tema della SBOM viene spesso introdotto partendo dalla sicurezza: vulnerabilit\u00e0, CVE,\u00a0patching. Ma fermarsi a questo livello \u00e8 riduttivo. Esiste un secondo piano, altrettanto rilevante, che riguarda\u202f<\/span><b><span data-contrast=\"none\">licenze, obblighi legali e responsabilit\u00e0 lungo la supply chain software<\/span><\/b><span data-contrast=\"none\">.<\/span><\/p><p><span data-contrast=\"none\">Un caso emblematico in questo senso \u00e8 quello di\u202f<\/span><a href=\"https:\/\/www.theregister.com\/2025\/12\/05\/vizio_gpl_source_code_ruling\/\"><b><span data-contrast=\"auto\">Vizio<\/span><\/b><\/a><span data-contrast=\"none\">, frequentemente citato nel mondo open source e copyleft. La vicenda \u00e8 interessante perch\u00e9 sposta il focus da\u202f<\/span><i><span data-contrast=\"none\">\u201cstiamo usando software open source?\u201d<\/span><\/i><span data-contrast=\"none\">\u202fa una domanda molto pi\u00f9 scomoda:\u202f\u201c<\/span><i><span data-contrast=\"none\">possiamo dimostrare di rispettarne davvero le condizioni?\u201d<\/span><\/i><\/p><p><span data-contrast=\"none\">Vizio \u00e8 stata coinvolta in una causa legata all\u2019<\/span><b><span data-contrast=\"none\">utilizzo di componenti software rilasciati sotto licenza GPL\u00a0<\/span><\/b><span data-contrast=\"none\">all\u2019interno dei propri smart TV. 
Il punto centrale\u00a0<\/span><b><span data-contrast=\"none\">non era semplicemente l\u2019uso di software open source<\/span><\/b><span data-contrast=\"none\">\u00a0\u2014 pratica del tutto legittima \u2014 ma\u00a0<\/span><b><span data-contrast=\"none\">il modo in cui tale software veniva distribuito<\/span><\/b><span data-contrast=\"none\">. Secondo le contestazioni,\u00a0<\/span><b><span data-contrast=\"none\">il codice sorgente rilasciato non era sufficiente a consentire un utilizzo reale<\/span><\/b><span data-contrast=\"none\">: mancavano parti fondamentali, istruzioni di build, informazioni sulle modifiche effettuate e una chiara tracciabilit\u00e0 dei componenti inclusi.<\/span><\/p><p><span data-contrast=\"none\">Il caso \u00e8 diventato rilevante perch\u00e9 ha chiarito un principio fondamentale:\u202f<\/span><b><span data-contrast=\"none\">non basta dichiarare la conformit\u00e0 a una licenza open source, bisogna essere in grado di provarla in modo concreto e verificabile<\/span><\/b><span data-contrast=\"none\">. Nei contesti embedded e nei prodotti commerciali che incorporano OSS \u2014 come Linux embedded, driver modificati o librerie copyleft \u2014 una gestione superficiale della composizione software <\/span><b><span data-contrast=\"none\">porta rapidamente a situazioni critiche<\/span><\/b><span data-contrast=\"none\">. 
Il risultato \u00e8 spesso\u00a0<\/span><b><span data-contrast=\"none\">un rilascio del sorgente solo formalmente corretto<\/span><\/b><span data-contrast=\"none\">,\u00a0<\/span><b><span data-contrast=\"none\">ma<\/span><\/b><span data-contrast=\"none\">\u00a0privo delle informazioni necessarie a garantirne una reale fruibilit\u00e0, con conseguenti rischi legali e reputazionali per l\u2019organizzazione.<\/span><\/p><p><span data-contrast=\"none\">Il punto di fondo \u00e8 che\u202f<\/span><b><span data-contrast=\"none\">la supply chain software genera obblighi<\/span><\/b><span data-contrast=\"none\">, non solo tecnici ma\u00a0<\/span><b><span data-contrast=\"none\">anche contrattuali e legali<\/span><\/b><span data-contrast=\"none\">. Ogni componente introdotto porta con s\u00e9 <\/span><b><span data-contrast=\"none\">condizioni di utilizzo, vincoli di distribuzione e responsabilit\u00e0<\/span><\/b><span data-contrast=\"none\">\u00a0che devono essere governati nel tempo. Senza una SBOM \u2014 o senza\u00a0<\/span><b><span data-contrast=\"none\">un processo equivalente di tracciabilit\u00e0 e controllo<\/span><\/b><span data-contrast=\"none\">\u00a0\u2014 questi obblighi diventano difficili da gestire, se non del tutto ingestibili.<\/span><\/p><p><span data-contrast=\"none\">In questo senso, la SBOM non \u00e8 soltanto uno strumento di sicurezza, ma un\u202f <\/span><b><span data-contrast=\"none\">meccanismo di accountability<\/span><\/b><span data-contrast=\"none\">: consente di sapere cosa si sta distribuendo, da dove proviene, quali licenze lo regolano e quali responsabilit\u00e0 ne derivano. 
Ed \u00e8 proprio\u00a0<\/span><b><span data-contrast=\"none\">questa capacit\u00e0 di dimostrare consapevolezza e controllo che sta rendendo la gestione delle SBOM sempre pi\u00f9 centrale<\/span><\/b><span data-contrast=\"none\">, anche al di fuori dei contesti puramente tecnici.<\/span><br \/><span data-ccp-props=\"{&quot;201341983&quot;:0,&quot;335559739&quot;:0,&quot;335559740&quot;:240}\">\u00a0<\/span><\/p><h3><b><span data-contrast=\"none\">Il quadro normativo: perch\u00e9 la SBOM \u00e8 diventata una necessit\u00e0 concreta<\/span><\/b><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;335559738&quot;:160,&quot;335559739&quot;:80}\">\u00a0<\/span><\/h3><p><span data-contrast=\"none\">Negli ultimi anni, il tema della composizione del software \u00e8 uscito dall\u2019ambito puramente tecnico per entrare a pieno titolo\u00a0<\/span><b><span data-contrast=\"none\">nel perimetro normativo<\/span><\/b><span data-contrast=\"none\">. <\/span><\/p><p><span data-contrast=\"none\">Le istituzioni hanno preso atto di una realt\u00e0 ormai evidente:\u202fla sicurezza e l\u2019affidabilit\u00e0 del software dipendono dalla sua supply chain. E governare questa supply chain <\/span><b><span data-contrast=\"none\">richiede<\/span><\/b><span data-contrast=\"none\">\u00a0<\/span><b><span data-contrast=\"none\">visibilit\u00e0. <\/span><\/b><\/p><p><span data-contrast=\"none\">In questo contesto si inseriscono iniziative come la\u202fNational Cybersecurity Strategy\u202fnegli Stati Uniti e, soprattutto, il\u202fCyber\u00a0Resilience\u00a0Act (CRA)\u202fin Europa. Il CRA introduce\u00a0<\/span><b><span data-contrast=\"none\">obblighi chiari per chi immette sul mercato prodotti con elementi digitali<\/span><\/b><span data-contrast=\"none\">, in particolare software e dispositivi che lo incorporano. 
Tra questi obblighi rientrano la gestione delle vulnerabilit\u00e0, la sicurezza lungo il ciclo di vita e\u00a0<\/span><b><span data-contrast=\"none\">la capacit\u00e0 di dimostrare controllo sui componenti utilizzati.<\/span><\/b><\/p><p><span data-contrast=\"none\">Anche se il CRA non menziona esplicitamente la SBOM come unico strumento possibile, il principio \u00e8 chiaro:\u202fnon \u00e8 possibile rispettare questi requisiti senza sapere di cosa \u00e8 fatto il software. In pratica, la SBOM diventa\u00a0<\/span><b><span data-contrast=\"none\">il mezzo pi\u00f9 efficace<\/span><\/b><span data-contrast=\"none\">\u00a0\u2014 e spesso\u00a0<\/span><b><span data-contrast=\"none\">l\u2019unico realmente scalabile<\/span><\/b><span data-contrast=\"none\">\u00a0\u2014 per dimostrare conformit\u00e0.<\/span><\/p><p><span data-contrast=\"none\">Il punto per\u00f2 non riguarda solo i produttori di software.\u00a0<\/span><b><span data-contrast=\"none\">Altre normative ampliano ulteriormente il perimetro<\/span><\/b><span data-contrast=\"none\">.<\/span><\/p><p><span data-contrast=\"none\">La\u202fDirettiva NIS2\u202fsposta l\u2019attenzione sulle organizzazioni che\u00a0<\/span><b><span data-contrast=\"none\">utilizzano software per erogare servizi essenziali o critici<\/span><\/b><span data-contrast=\"none\">. Qui il focus non \u00e8 tanto sul\u00a0<\/span><i><span data-contrast=\"none\">come \u00e8 stato scritto il software<\/span><\/i><span data-contrast=\"none\">, quanto sulla capacit\u00e0 dell\u2019organizzazione di\u202fgestire il rischio cyber e quello legato alla supply chain. Questo include la valutazione dei fornitori, la gestione delle vulnerabilit\u00e0 e la dimostrazione di adeguate misure di controllo. 
Anche in questo caso, pur senza un obbligo esplicito,\u00a0<\/span><b><span data-contrast=\"none\">la SBOM diventa<\/span><\/b><span data-contrast=\"none\">\u00a0<\/span><b><span data-contrast=\"none\">uno strumento chiave per esercitare e dimostrare la dovuta diligenza<\/span><\/b><span data-contrast=\"none\">.<\/span><\/p><p><span data-contrast=\"none\">Per il settore finanziario, il quadro \u00e8 ulteriormente rafforzato dal\u202fDigital Operational Resilience Act (DORA). DORA richiede alle organizzazioni finanziarie <\/span><b><span data-contrast=\"none\">una profonda comprensione delle proprie dipendenze ICT e la capacit\u00e0 di rispondere rapidamente a incidenti e vulnerabilit\u00e0<\/span><\/b><span data-contrast=\"none\">\u00a0che coinvolgono fornitori e tecnologie critiche. Senza una visibilit\u00e0 chiara sulla composizione del software utilizzato, soddisfare questi requisiti diventa estremamente complesso.<\/span><\/p><p><span data-contrast=\"none\">Il risultato \u00e8 un cambio di paradigma:\u202fil tema SBOM nasce come risposta a un\u2019esigenza di sicurezza, ma viene reso strutturale dalla normativa. Il CRA agisce a monte, imponendo\u00a0<\/span><b><span data-contrast=\"none\">responsabilit\u00e0 a chi produce e distribuisce software<\/span><\/b><span data-contrast=\"none\">;\u00a0<\/span><b><span data-contrast=\"none\">NIS2 e DORA agiscono a valle<\/span><\/b><span data-contrast=\"none\">, spingendo le organizzazioni a\u00a0<\/span><b><span data-contrast=\"none\">pretendere trasparenza e controllo dai propri fornitori.<\/span><\/b><\/p><p><span data-contrast=\"none\">In questo scenario, la SBOM non \u00e8 pi\u00f9 un documento accessorio,\u00a0<\/span><b><span data-contrast=\"none\">ma\u00a0un elemento abilitante per dialogare con\u00a0regulator, clienti e partner<\/span><\/b><span data-contrast=\"none\">. 
Non serve solo a\u00a0\u201cfare sicurezza meglio\u201d, ma\u00a0<\/span><b><span data-contrast=\"none\">a dimostrare che il software \u00e8 gestito in modo consapevole, responsabile e conforme<\/span><\/b><span data-contrast=\"none\">\u00a0alle aspettative normative attuali e future.<\/span><\/p><h3>\u00a0<\/h3><h3><b><span data-contrast=\"none\">Come si fa una gestione SBOM \u201cseria\u201d<\/span><\/b><\/h3><p><span data-contrast=\"none\">Una gestione SBOM realmente efficace non pu\u00f2 ridursi\u00a0<\/span><b><span data-contrast=\"none\">a\u00a0un file statico o a un documento prodotto una tantum<\/span><\/b><span data-contrast=\"none\">: richiede\u00a0<\/span><b><span data-contrast=\"none\">un<\/span><\/b><span data-contrast=\"none\">\u202fprogramma operativo\u202fin grado di offrire\u00a0<\/span><b><span data-contrast=\"none\">visibilit\u00e0 continua<\/span><\/b><span data-contrast=\"none\">\u00a0<\/span><b><span data-contrast=\"none\">sulla composizione del software.<\/span><\/b><span data-contrast=\"none\">\u00a0<\/span><\/p><p><span data-contrast=\"none\">Questo significa disporre di\u00a0<\/span><b><span data-contrast=\"none\">un inventario completo e normalizzato di tutti i componenti<\/span><\/b><span data-contrast=\"none\">\u00a0\u2014 open source, commerciali e di terze parti \u2014 con versioni, identificativi univoci e metadati affidabili, ma anche\u00a0<\/span><b><span data-contrast=\"none\">comprendere<\/span><\/b><span data-contrast=\"none\">\u00a0<\/span><b><span data-contrast=\"none\">le relazioni tra questi elementi<\/span><\/b><span data-contrast=\"none\">, incluse dipendenze dirette e transitive, gerarchie e correlazioni. 
Per essere interoperabili e sostenibili nel tempo, le SBOM devono essere gestite\u00a0<\/span><b><span data-contrast=\"none\">in formati standard di settore<\/span><\/b><span data-contrast=\"none\">\u00a0come\u202fSPDX, particolarmente efficace per gli aspetti di licensing e compliance, e\u202fCycloneDX, pi\u00f9 orientato alla sicurezza e alla supply chain.<\/span><span data-contrast=\"none\">\u00a0<\/span><\/p><p><span data-contrast=\"none\">Tuttavia, l\u2019elenco dei componenti da solo non basta: una SBOM utile\u00a0<\/span><b><span data-contrast=\"none\">deve essere arricchita con informazioni operative<\/span><\/b><span data-contrast=\"none\">, come vulnerabilit\u00e0 note, stato di exploitability, disclosure e dati di ciclo di vita (EOL ed EOS), oltre a report strutturati come VDR e VEX.<\/span><\/p><p><span data-contrast=\"none\">Dal punto di vista pratico, il percorso parte dall\u2019integrazione delle SBOM fornite dai vendor. Tuttavia,\u202fla maturit\u00e0 del mercato su questo tema \u00e8 ancora disomogenea: le SBOM possono essere <\/span><b><span data-contrast=\"none\">rese disponibili in modalit\u00e0 molto diverse<\/span><\/b><span data-contrast=\"none\"> \u2014 tramite siti web del produttore, file \u201cReadme\u201d inclusi nei kit di distribuzione, contenuti estratti direttamente dai dispositivi, puntatori dal device (MUD), file forniti al cliente in formato leggibile o repository centralizzati e terze parti fidate. 
Questa eterogeneit\u00e0 rende l\u2019integrazione complessa e introduce\u202fsignificative difficolt\u00e0 di normalizzazione, soprattutto <\/span><b><span data-contrast=\"none\">quando i dati non seguono formati, livelli di dettaglio o criteri di qualit\u00e0 omogenei<\/span><\/b><span data-contrast=\"none\">.<\/span><\/p><p><span data-contrast=\"none\">Per rendere il processo sostenibile nel tempo,\u00a0<\/span><b><span data-contrast=\"none\">\u00e8 quindi necessario<\/span><\/b><span data-contrast=\"none\">\u202fattivare canali strutturati di raccolta\u202fe definire regole chiare su formati accettati, frequenza di aggiornamento, modalit\u00e0 di consegna e firma, nonch\u00e9 criteri minimi di qualit\u00e0, come completezza delle informazioni, disponibilit\u00e0 delle istruzioni di build e tracciabilit\u00e0 della provenienza.\u00a0<\/span><b><span data-contrast=\"none\">Dove le SBOM<\/span><\/b><span data-contrast=\"none\">\u00a0<\/span><b><span data-contrast=\"none\">non sono disponibili o risultano incomplete<\/span><\/b><span data-contrast=\"none\">\u00a0\u2014 come nel caso di software sviluppato internamente, soluzioni SaaS o componenti realizzati da terze parti \u2014\u00a0<\/span><b><span data-contrast=\"none\">diventa inevitabile<\/span><\/b><span data-contrast=\"none\">\u202fcrearle internamente, adottando strumenti e processi in grado di generare SBOM coerenti, normalizzate e mantenibili.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p><p aria-level=\"2\"><span data-contrast=\"none\">In questo scenario,\u00a0<\/span><b><span data-contrast=\"none\">\u00e8 importante chiarire che<\/span><\/b><span data-contrast=\"none\">\u00a0<\/span><b><span data-contrast=\"none\">il<\/span><\/b><span data-contrast=\"none\">\u202fCMDB non\u00a0\u00e8\u00a0il luogo adatto per gestire le SBOM: nato\u00a0per rappresentare\u00a0<\/span><b><span data-contrast=\"none\">asset e relazioni operative<\/span><\/b><span data-contrast=\"none\">, \u00e8 spesso gi\u00e0 
sovraccarico di dati e non offre la granularit\u00e0, l\u2019aggiornamento continuo e le capacit\u00e0 di interrogazione richieste in caso di incidenti di sicurezza.<\/span><\/p><p aria-level=\"2\">\u00a0<\/p><h3><b><span data-contrast=\"none\">L\u2019approccio WEGG e il ruolo del SAM nella gestione delle SBOM<\/span><\/b><span data-ccp-props=\"{&quot;134245418&quot;:true,&quot;134245529&quot;:true,&quot;201341983&quot;:0,&quot;335559738&quot;:0,&quot;335559739&quot;:0,&quot;335559740&quot;:240}\">\u00a0<\/span><\/h3><p><span data-contrast=\"none\">In\u00a0<\/span><a href=\"https:\/\/wegg.it\/\"><b><span data-contrast=\"auto\">WEGG<\/span><\/b><\/a><b><span data-contrast=\"none\">\u00a0<\/span><\/b><span data-contrast=\"none\">affrontiamo\u00a0<\/span><b><span data-contrast=\"none\">il tema delle\u202fSBOM\u202fcon <\/span><\/b><b><span data-contrast=\"none\">un approccio volutamente <\/span><\/b><span data-contrast=\"none\">trasversale, che parte dal\u202fSoftware Asset Management (SAM)\u202fma si estende oltre i suoi confini tradizionali. Il SAM rappresenta per noi\u00a0<\/span><b><span data-contrast=\"none\">il punto di partenza naturale<\/span><\/b><span data-contrast=\"none\">\u00a0perch\u00e9 \u00e8 gi\u00e0 il luogo in cui convergono informazioni su\u00a0<\/span><b><span data-contrast=\"none\">costi, contratti e conformit\u00e0<\/span><\/b><span data-contrast=\"none\">; allo stesso tempo, \u00e8 il contesto in cui emerge pi\u00f9 chiaramente\u00a0<\/span><b><span data-contrast=\"none\">la necessit\u00e0 di andare oltre la semplice visibilit\u00e0 sul software installato e utilizzato.<\/span><\/b><\/p><p>La SBOM diventa cos\u00ec l\u2019elemento di collegamento tra SAM, sicurezza e compliance, rendendo la composizione del software un dato condiviso e realmente utilizzabile. 
In questa logica utilizziamo <a href=\"https:\/\/www.flexera.com\/solutions\/it-security-regulatory-risk\/sbom-management\">Flexera One IT Visibility<\/a> come piattaforma di riferimento: non come uno strumento SBOM isolato, ma come parte di un ecosistema integrato.<\/p><p><span data-contrast=\"none\">Abbiamo scelto questa soluzione grazie alla sua tecnologia avanzata di\u202fSoftware Composition Analysis (SCA)\u202fsull\u2019open source \u2014 un ambito spesso non coperto dagli strumenti SAM tradizionali \u2014 ai dati completi e continuamente aggiornati di\u202fTechnopedia, la base dati di Flexera, e al supporto lungo l\u2019intero ciclo di vita delle SBOM, dall\u2019ingestione alla normalizzazione fino al monitoraggio continuo. Il nostro ruolo \u00e8 configurare i processi dei clienti per rendere la gestione delle SBOM un\u202fprocesso operativo e scalabile, integrato nei flussi di\u202fSAM, ITAM, CMDB e sicurezza.<\/span><\/p><p>La correlazione tra i componenti presenti nelle SBOM, la standardizzazione dei formati e l\u2019integrazione con le informazioni sulle vulnerabilit\u00e0 permettono di <strong>collegare in modo naturale la gestione delle SBOM ai processi di<\/strong> vulnerability management, consentendo analisi di impatto rapide e mirate quando emergono nuove CVE. 
Allo stesso tempo, l\u2019integrazione nei processi SAM contribuisce a garantire il rispetto dei requisiti di compliance normativa.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-9dff126 elementor-widget elementor-widget-image\" data-id=\"9dff126\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Immagine2.png\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"Immagine2\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6NDI0NjAsInVybCI6Imh0dHBzOlwvXC93ZWdnLml0XC93cC1jb250ZW50XC91cGxvYWRzXC8yMDI2XC8wMVwvSW1tYWdpbmUyLnBuZyJ9\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"800\" height=\"450\" data-src=\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Immagine2-1024x576.png\" class=\"attachment-large size-large wp-image-42460 lazyload\" alt=\"\" data-srcset=\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Immagine2-1024x576.png 1024w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Immagine2-300x169.png 300w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Immagine2-768x432.png 768w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Immagine2-18x10.png 18w, https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/Immagine2.png 1472w\" data-sizes=\"(max-width: 800px) 100vw, 800px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 800px; --smush-placeholder-aspect-ratio: 800\/450;\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d616bb4 elementor-widget elementor-widget-text-editor\" data-id=\"d616bb4\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span data-contrast=\"none\"><span class=\"TextRun SCXW225455490 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW225455490 BCX8\">In questo modo, la gestione delle SBOM non viene trattata come un adempimento isolato, ma come una<\/span><span class=\"NormalTextRun SCXW225455490 BCX8\" data-ccp-charstyle=\"apple-converted-space\" data-ccp-charstyle-defn=\"{&quot;ObjectId&quot;:&quot;2fd183b4-ad5c-5199-9fc7-89a6d0356079|1&quot;,&quot;ClassId&quot;:1073872969,&quot;Properties&quot;:[201342446,&quot;1&quot;,201342447,&quot;5&quot;,201342448,&quot;1&quot;,201342449,&quot;1&quot;,469777841,&quot;Aptos&quot;,469777842,&quot;Arial&quot;,469777843,&quot;Aptos&quot;,469777844,&quot;Aptos&quot;,201341986,&quot;1&quot;,469769226,&quot;Aptos,Arial&quot;,268442635,&quot;24&quot;,469775450,&quot;apple-converted-space&quot;,201340122,&quot;1&quot;,134233614,&quot;true&quot;,469778129,&quot;apple-converted-space&quot;,335572020,&quot;1&quot;,469778324,&quot;Default Paragraph Font&quot;]}\">\u202f<\/span><span class=\"NormalTextRun SCXW225455490 BCX8\" data-ccp-charstyle=\"Normal\">parte integrante del governo complessivo del software<\/span><span class=\"NormalTextRun SCXW225455490 BCX8\">, a partire dal SAM e\u00a0<\/span><\/span><span class=\"TextRun SCXW225455490 BCX8\" lang=\"IT-IT\" xml:lang=\"IT-IT\" data-contrast=\"none\"><span class=\"NormalTextRun SCXW225455490 BCX8\"><strong>in dialogo con tutte le funzioni coinvolte<\/strong>.<\/span><\/span><\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t<div class=\"elementor-column elementor-col-50 elementor-top-column elementor-element elementor-element-d4c0349\" data-id=\"d4c0349\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div 
class=\"elementor-icon-wrapper\">\n\t\t\t<div class=\"elementor-icon\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" xmlns:xlink=\"http:\/\/www.w3.org\/1999\/xlink\" id=\"Livello_1\" x=\"0px\" y=\"0px\" viewBox=\"0 0 92.25 92.25\" style=\"enable-background:new 0 0 92.25 92.25;\" xml:space=\"preserve\"><polygon points=\"90.25,2.93 90.25,88.84 1.41,0 0,1.41 88.84,90.25 2.93,90.25 2.93,92.25 92.25,92.25 92.25,2.93 \"><\/polygon><\/svg>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f32d69c elementor-widget elementor-widget-heading\" data-id=\"f32d69c\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Vorresti approfondire la gestione delle SBOM?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a20b313 elementor-widget elementor-widget-heading\" data-id=\"a20b313\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">CONTATTACI PER UNA CONSULENZA!<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-fe88395 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"fe88395\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-372754d elementor-button-align-center elementor-widget elementor-widget-form\" data-id=\"372754d\" 
data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;step_next_label&quot;:&quot;Next&quot;,&quot;step_previous_label&quot;:&quot;Previous&quot;,&quot;button_width&quot;:&quot;100&quot;,&quot;step_type&quot;:&quot;number_text&quot;,&quot;step_icon_shape&quot;:&quot;circle&quot;}\" data-widget_type=\"form.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<form class=\"elementor-form\" method=\"post\" name=\"Contattaci per una consulenza\" aria-label=\"Contattaci per una consulenza\">\n\t\t\t<input type=\"hidden\" name=\"post_id\" value=\"42459\"\/>\n\t\t\t<input type=\"hidden\" name=\"form_id\" value=\"372754d\"\/>\n\t\t\t<input type=\"hidden\" name=\"referer_title\" value=\"Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale - WEGG\" \/>\n\n\t\t\t\t\t\t\t<input type=\"hidden\" name=\"queried_id\" value=\"42459\"\/>\n\t\t\t\n\t\t\t<div class=\"elementor-form-fields-wrapper elementor-labels-above\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-field-type-text elementor-field-group elementor-column elementor-field-group-name elementor-col-50 elementor-field-required\">\n\t\t\t\t\t\t\t\t\t\t\t\t<label for=\"form-field-name\" class=\"elementor-field-label\">\n\t\t\t\t\t\t\t\tNome:\t\t\t\t\t\t\t<\/label>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<input size=\"1\" type=\"text\" name=\"form_fields[name]\" id=\"form-field-name\" class=\"elementor-field elementor-size-sm  elementor-field-textual\" required=\"required\">\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"elementor-field-type-text elementor-field-group elementor-column elementor-field-group-email elementor-col-50 elementor-field-required\">\n\t\t\t\t\t\t\t\t\t\t\t\t<label for=\"form-field-email\" class=\"elementor-field-label\">\n\t\t\t\t\t\t\t\tCognome:\t\t\t\t\t\t\t<\/label>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<input size=\"1\" type=\"text\" name=\"form_fields[email]\" id=\"form-field-email\" class=\"elementor-field 
elementor-size-sm  elementor-field-textual\" required=\"required\">\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"elementor-field-type-email elementor-field-group elementor-column elementor-field-group-field_298f6a1 elementor-col-50 elementor-field-required\">\n\t\t\t\t\t\t\t\t\t\t\t\t<label for=\"form-field-field_298f6a1\" class=\"elementor-field-label\">\n\t\t\t\t\t\t\t\tEmail aziendale:\t\t\t\t\t\t\t<\/label>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<input size=\"1\" type=\"email\" name=\"form_fields[field_298f6a1]\" id=\"form-field-field_298f6a1\" class=\"elementor-field elementor-size-sm  elementor-field-textual\" required=\"required\">\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"elementor-field-type-tel elementor-field-group elementor-column elementor-field-group-field_fa5f1b6 elementor-col-50\">\n\t\t\t\t\t\t\t\t\t\t\t\t<label for=\"form-field-field_fa5f1b6\" class=\"elementor-field-label\">\n\t\t\t\t\t\t\t\tNumero di Telefono:\t\t\t\t\t\t\t<\/label>\n\t\t\t\t\t\t\t\t<input size=\"1\" type=\"tel\" name=\"form_fields[field_fa5f1b6]\" id=\"form-field-field_fa5f1b6\" class=\"elementor-field elementor-size-sm  elementor-field-textual\" pattern=\"[0-9()#&amp;+*-=.]+\" title=\"Sono accettati solo numeri e caratteri telefonici (#, -, *, ecc.).\">\n\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"elementor-field-type-text elementor-field-group elementor-column elementor-field-group-field_c83c665 elementor-col-50\">\n\t\t\t\t\t\t\t\t\t\t\t\t<label for=\"form-field-field_c83c665\" class=\"elementor-field-label\">\n\t\t\t\t\t\t\t\tRuolo aziendale:\t\t\t\t\t\t\t<\/label>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<input size=\"1\" type=\"text\" name=\"form_fields[field_c83c665]\" id=\"form-field-field_c83c665\" class=\"elementor-field elementor-size-sm  elementor-field-textual\">\n\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"elementor-field-type-textarea elementor-field-group elementor-column elementor-field-group-message 
elementor-col-100\">\n\t\t\t\t\t\t\t\t\t\t\t\t<label for=\"form-field-message\" class=\"elementor-field-label\">\n\t\t\t\t\t\t\t\tSpiegaci meglio la tua situazione:\t\t\t\t\t\t\t<\/label>\n\t\t\t\t\t\t<textarea class=\"elementor-field-textual elementor-field  elementor-size-sm\" name=\"form_fields[message]\" id=\"form-field-message\" rows=\"4\"><\/textarea>\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"elementor-field-type-acceptance elementor-field-group elementor-column elementor-field-group-field_687c4cc elementor-col-100 elementor-field-required\">\n\t\t\t\t\t\t\t<div class=\"elementor-field-subgroup\">\n\t\t\t<span class=\"elementor-field-option\">\n\t\t\t\t<input type=\"checkbox\" name=\"form_fields[field_687c4cc]\" id=\"form-field-field_687c4cc\" class=\"elementor-field elementor-size-sm  elementor-acceptance-field\" required=\"required\" checked=\"checked\">\n\t\t\t\t<label for=\"form-field-field_687c4cc\">Ho preso visione dell'<a href=\"https:\/\/wegg.it\/privacy-policy\">informativa privacy<\/a> di WEGG e acconsento il trattamento dei miei dati.<\/label>\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"elementor-field-type-acceptance elementor-field-group elementor-column elementor-field-group-field_ea8ed71 elementor-col-100\">\n\t\t\t\t\t\t\t<div class=\"elementor-field-subgroup\">\n\t\t\t<span class=\"elementor-field-option\">\n\t\t\t\t<input type=\"checkbox\" name=\"form_fields[field_ea8ed71]\" id=\"form-field-field_ea8ed71\" class=\"elementor-field elementor-size-sm  elementor-acceptance-field\">\n\t\t\t\t<label for=\"form-field-field_ea8ed71\">Voglio rimanere in contatto con WEGG e ricevere contenuti gratuiti.<\/label>\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"elementor-field-type-text\">\n\t\t\t\t\t<input size=\"1\" type=\"text\" name=\"form_fields[field_d2bf274]\" id=\"form-field-field_d2bf274\" class=\"elementor-field elementor-size-sm \" style=\"display:none 
!important;\">\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"elementor-field-group elementor-column elementor-field-type-submit elementor-col-100 e-form__buttons\">\n\t\t\t\t\t<button class=\"elementor-button elementor-size-sm\" type=\"submit\">\n\t\t\t\t\t\t<span class=\"elementor-button-content-wrapper\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"elementor-button-text\">Invia<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/span>\n\t\t\t\t\t<\/button>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/form>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>La Software Bill of Materials (SBOM) \u00e8 uno strumento fondamentale per gestire la sicurezza, la compliance e il rischio nella supply chain software<\/p>","protected":false},"author":8837,"featured_media":42464,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[14,223],"tags":[740,398,741,742,180],"class_list":["post-42459","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-approfondimenti","category-snow-software","tag-normative","tag-software","tag-supply-chain","tag-supply-chain-software","tag-vulnerabilita"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale - WEGG<\/title>\n<meta name=\"description\" content=\"La Software Bill of Materials \u00e8 diventata uno strumento per gestire la sicurezza, la compliance e il rischio nella supply chain software\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" 
href=\"https:\/\/wegg.it\/eng\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale - WEGG\" \/>\n<meta property=\"og:description\" content=\"La Software Bill of Materials \u00e8 diventata uno strumento per gestire la sicurezza, la compliance e il rischio nella supply chain software\" \/>\n<meta property=\"og:url\" content=\"https:\/\/wegg.it\/eng\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/\" \/>\n<meta property=\"og:site_name\" content=\"WEGG\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-28T08:50:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-02-06T10:41:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1587\" \/>\n\t<meta property=\"og:image:height\" content=\"1059\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fabio Chiappini\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fabio Chiappini\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"15 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/\"},\"author\":{\"name\":\"Fabio Chiappini\",\"@id\":\"https:\/\/www.wegg.it\/#\/schema\/person\/2a1389c49f7ec50513fe567b37a0d110\"},\"headline\":\"Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale\",\"datePublished\":\"2026-01-28T08:50:32+00:00\",\"dateModified\":\"2026-02-06T10:41:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/\"},\"wordCount\":2288,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.wegg.it\/#organization\"},\"image\":{\"@id\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg\",\"keywords\":[\"normative\",\"software\",\"supply chain\",\"supply chain software\",\"vulnerabilit\u00e0\"],\"articleSection\":[\"Approfondimenti\",\"Snow Software\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/\",\"url\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/\",\"name\":\"Supply chain software, 
vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale - WEGG\",\"isPartOf\":{\"@id\":\"https:\/\/www.wegg.it\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg\",\"datePublished\":\"2026-01-28T08:50:32+00:00\",\"dateModified\":\"2026-02-06T10:41:34+00:00\",\"description\":\"La Software Bill of Materials \u00e8 diventata uno strumento per gestire la sicurezza, la compliance e il rischio nella supply chain software\",\"breadcrumb\":{\"@id\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#primaryimage\",\"url\":\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg\",\"contentUrl\":\"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg\",\"width\":1587,\"height\":1059,\"caption\":\"Articolo Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 
opzionale\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/wegg.it\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wegg.it\/#website\",\"url\":\"https:\/\/www.wegg.it\/\",\"name\":\"WEGG\",\"description\":\"The Impact factory\",\"publisher\":{\"@id\":\"https:\/\/www.wegg.it\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wegg.it\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.wegg.it\/#organization\",\"name\":\"WEGG\",\"url\":\"https:\/\/www.wegg.it\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.wegg.it\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/wegg.it\/wp-content\/uploads\/2022\/03\/cropped-WEGG-marchio-RGB.png\",\"contentUrl\":\"https:\/\/wegg.it\/wp-content\/uploads\/2022\/03\/cropped-WEGG-marchio-RGB.png\",\"width\":968,\"height\":236,\"caption\":\"WEGG\"},\"image\":{\"@id\":\"https:\/\/www.wegg.it\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/it.linkedin.com\/company\/wegg-theimpactfactory\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wegg.it\/#\/schema\/person\/2a1389c49f7ec50513fe567b37a0d110\",\"name\":\"Fabio 
Chiappini\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.wegg.it\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/310f49a44fee627445db0ca8dde7e600255342238347a5a56e3277eeb1851c2f?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/310f49a44fee627445db0ca8dde7e600255342238347a5a56e3277eeb1851c2f?s=96&d=mm&r=g\",\"caption\":\"Fabio Chiappini\"},\"url\":\"https:\/\/wegg.it\/eng\/author\/fchiappini\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale - WEGG","description":"La Software Bill of Materials \u00e8 diventata uno strumento per gestire la sicurezza, la compliance e il rischio nella supply chain software","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/wegg.it\/eng\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/","og_locale":"en_US","og_type":"article","og_title":"Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale - WEGG","og_description":"La Software Bill of Materials \u00e8 diventata uno strumento per gestire la sicurezza, la compliance e il rischio nella supply chain software","og_url":"https:\/\/wegg.it\/eng\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/","og_site_name":"WEGG","article_published_time":"2026-01-28T08:50:32+00:00","article_modified_time":"2026-02-06T10:41:34+00:00","og_image":[{"width":1587,"height":1059,"url":"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg","type":"image\/jpeg"}],"author":"Fabio Chiappini","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Fabio Chiappini","Est. 
reading time":"15 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#article","isPartOf":{"@id":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/"},"author":{"name":"Fabio Chiappini","@id":"https:\/\/www.wegg.it\/#\/schema\/person\/2a1389c49f7ec50513fe567b37a0d110"},"headline":"Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale","datePublished":"2026-01-28T08:50:32+00:00","dateModified":"2026-02-06T10:41:34+00:00","mainEntityOfPage":{"@id":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/"},"wordCount":2288,"commentCount":0,"publisher":{"@id":"https:\/\/www.wegg.it\/#organization"},"image":{"@id":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#primaryimage"},"thumbnailUrl":"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg","keywords":["normative","software","supply chain","supply chain software","vulnerabilit\u00e0"],"articleSection":["Approfondimenti","Snow Software"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/","url":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/","name":"Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale - 
WEGG","isPartOf":{"@id":"https:\/\/www.wegg.it\/#website"},"primaryImageOfPage":{"@id":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#primaryimage"},"image":{"@id":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#primaryimage"},"thumbnailUrl":"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg","datePublished":"2026-01-28T08:50:32+00:00","dateModified":"2026-02-06T10:41:34+00:00","description":"La Software Bill of Materials \u00e8 diventata uno strumento per gestire la sicurezza, la compliance e il rischio nella supply chain software","breadcrumb":{"@id":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#primaryimage","url":"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg","contentUrl":"https:\/\/wegg.it\/wp-content\/uploads\/2026\/01\/thisisengineering-raeng-64YrPKiguAE-.jpg","width":1587,"height":1059,"caption":"Articolo Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 opzionale"},{"@type":"BreadcrumbList","@id":"https:\/\/wegg.it\/supply-chain-software-vulnerabilita-e-normative-perche-la-sbom-non-e-piu-opzionale\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/wegg.it\/"},{"@type":"ListItem","position":2,"name":"Supply chain software, vulnerabilit\u00e0 e normative: perch\u00e9 la SBOM non \u00e8 pi\u00f9 
opzionale"}]},{"@type":"WebSite","@id":"https:\/\/www.wegg.it\/#website","url":"https:\/\/www.wegg.it\/","name":"WEGG","description":"The Impact factory","publisher":{"@id":"https:\/\/www.wegg.it\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wegg.it\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.wegg.it\/#organization","name":"WEGG","url":"https:\/\/www.wegg.it\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.wegg.it\/#\/schema\/logo\/image\/","url":"https:\/\/wegg.it\/wp-content\/uploads\/2022\/03\/cropped-WEGG-marchio-RGB.png","contentUrl":"https:\/\/wegg.it\/wp-content\/uploads\/2022\/03\/cropped-WEGG-marchio-RGB.png","width":968,"height":236,"caption":"WEGG"},"image":{"@id":"https:\/\/www.wegg.it\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/it.linkedin.com\/company\/wegg-theimpactfactory"]},{"@type":"Person","@id":"https:\/\/www.wegg.it\/#\/schema\/person\/2a1389c49f7ec50513fe567b37a0d110","name":"Fabio Chiappini","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.wegg.it\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/310f49a44fee627445db0ca8dde7e600255342238347a5a56e3277eeb1851c2f?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/310f49a44fee627445db0ca8dde7e600255342238347a5a56e3277eeb1851c2f?s=96&d=mm&r=g","caption":"Fabio 
Chiappini"},"url":"https:\/\/wegg.it\/eng\/author\/fchiappini\/"}]}},"_links":{"self":[{"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/posts\/42459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/users\/8837"}],"replies":[{"embeddable":true,"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/comments?post=42459"}],"version-history":[{"count":26,"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/posts\/42459\/revisions"}],"predecessor-version":[{"id":42534,"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/posts\/42459\/revisions\/42534"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/media\/42464"}],"wp:attachment":[{"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/media?parent=42459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/categories?post=42459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wegg.it\/eng\/wp-json\/wp\/v2\/tags?post=42459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}