Attackers continue to exploit the software supply chain and software vulnerabilities; organizations struggle to locate and fix the security flaws. US regulations require software bills of materials (SBOMs) for medical devices; federal agencies are taking a risk-based approach to requiring SBOMs from software suppliers; and other governments are following suit. Use this report to understand when your organization will likely need to make or consume an SBOM and how to do so.