Incident responders worldwide are struggling with the latest Apache Log4j vulnerability. Organizations need to look past this disaster horizon toward a sustainable security response. An SBOM is an ingredient list of components in a given program. Exploitability information and your accurate asset inventory are prerequisites for SBOMs to be useful in the context of rapid vulnerability and incident response. For incident response, SBOM may not be comprehensive enough across the organization to be of much assistance until vendors start consistently creating them. Each tool that helps without causing a distraction is a good tool to use.”]