On the Way to SBOMs: Investigating Design Issues and Solutions in Practice
Software Bill of Materials (SBOM), offers improved transparency and supply chain security by providing a machine-readable inventory of software components used. With the rise in software supply chain attacks, the SBOM has attracted attention from both academia and industry. This paper presents a study on the practice of SBOM, based on the analysis of 4,786 GitHub discussions from 510 SBOM-related projects. Our study identifies key topics, challenges, and solutions associated with effective SBOM usage. We also highlight commonly used tools and frameworks for generating SBOMs, along with their respective strengths and limitations. Our research underscores the importance of SBOMs in software development and the need for their widespread adoption to enhance supply chain security. Additionally, the insights gained from our study can inform future research and development in this field.
READ FULL TEXT