An Empirical Study on Software Bill of Materials: Where We Stand and the Road Ahead
The rapid growth of software supply chain attacks has attracted considerable attention to software bill of materials (SBOM). SBOMs are a crucial building block to ensure the transparency of software supply chains that helps improve software supply chain security. Although there are significant effor...
Saved in:
| Published in | Proceedings / International Conference on Software Engineering pp. 2630 - 2642 |
|---|---|
| Main Authors | , , , , |
| Format | Conference Proceeding |
| Language | English |
| Published |
IEEE
01.01.2023
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 1558-1225 |
| DOI | 10.1109/ICSE48619.2023.00219 |
Cover
Loading…
| Abstract | The rapid growth of software supply chain attacks has attracted considerable attention to software bill of materials (SBOM). SBOMs are a crucial building block to ensure the transparency of software supply chains that helps improve software supply chain security. Although there are significant efforts from academia and industry to facilitate SBOM development, it is still unclear how practitioners perceive SBOMs and what are the challenges of adopting SBOMs in practice. Furthermore, existing SBOM-related studies tend to be ad-hoc and lack software engineering focuses. To bridge this gap, we conducted the first empirical study to interview and survey SBOM practitioners. We applied a mixed qualitative and quantitative method for gathering data from 17 interviewees and 65 survey respondents from 15 countries across five continents to understand how practitioners perceive the SBOM field. We summarized 26 statements and grouped them into three topics on SBOM's states of practice. Based on the study results, we derived a goal model and highlighted future directions where practitioners can put in their effort. |
|---|---|
| AbstractList | The rapid growth of software supply chain attacks has attracted considerable attention to software bill of materials (SBOM). SBOMs are a crucial building block to ensure the transparency of software supply chains that helps improve software supply chain security. Although there are significant efforts from academia and industry to facilitate SBOM development, it is still unclear how practitioners perceive SBOMs and what are the challenges of adopting SBOMs in practice. Furthermore, existing SBOM-related studies tend to be ad-hoc and lack software engineering focuses. To bridge this gap, we conducted the first empirical study to interview and survey SBOM practitioners. We applied a mixed qualitative and quantitative method for gathering data from 17 interviewees and 65 survey respondents from 15 countries across five continents to understand how practitioners perceive the SBOM field. We summarized 26 statements and grouped them into three topics on SBOM's states of practice. Based on the study results, we derived a goal model and highlighted future directions where practitioners can put in their effort. |
| Author | Bi, Tingting Xia, Boming Lu, Qinghua Zhu, Liming Xing, Zhenchang |
| Author_xml | – sequence: 1 givenname: Boming surname: Xia fullname: Xia, Boming organization: CSIRO's Data61,Sydney,Australia – sequence: 2 givenname: Tingting surname: Bi fullname: Bi, Tingting organization: CSIRO's Data61,Sydney,Australia – sequence: 3 givenname: Zhenchang surname: Xing fullname: Xing, Zhenchang organization: CSIRO's Data61,Sydney,Australia – sequence: 4 givenname: Qinghua surname: Lu fullname: Lu, Qinghua organization: CSIRO's Data61,Sydney,Australia – sequence: 5 givenname: Liming surname: Zhu fullname: Zhu, Liming organization: CSIRO's Data61,Sydney,Australia |
| BookMark | eNotj91Kw0AUhFdRsNa-QS_2BVLP2d-sd7VULVQEo_SybLJnyUKalDQifXsjejEMzHwMzC27aruWGJsjLBDB3W9WxVrlBt1CgJALAIHugs2czdEYrbQFdJdsglrnGQqhb9jsdEolaHQCJZgJK5YtXx-OqU-Vb3gxfIUz71pedHH49j3xx9Q0vIv81Q_UJ9-cHviuprHY0Uj7NvBfDTXx984HvqzJhzt2HUeSZv8-ZZ9P64_VS7Z9e96sltvMSy2GLI-l8rZSpa1CFKIULsgoFUgXlFKlB5cDjhc8kVG6NEFZa5waU0kRwcspm__tJiLaH_t08P15j4BWGGfkDxYbUWg |
| CODEN | IEEPAD |
| ContentType | Conference Proceeding |
| DBID | 6IE 6IH CBEJK RIE RIO |
| DOI | 10.1109/ICSE48619.2023.00219 |
| DatabaseName | IEEE Electronic Library (IEL) Conference Proceedings IEEE Proceedings Order Plan (POP) 1998-present by volume IEEE Xplore All Conference Proceedings IEEE Electronic Library (IEL) IEEE Proceedings Order Plans (POP) 1998-present |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: RIE name: IEEE Electronic Library (IEL) url: https://proxy.k.utb.cz/login?url=https://ieeexplore.ieee.org/ sourceTypes: Publisher |
| DeliveryMethod | fulltext_linktorsrc |
| Discipline | Computer Science |
| EISBN | 9781665457019 1665457015 |
| EISSN | 1558-1225 |
| EndPage | 2642 |
| ExternalDocumentID | 10172696 |
| Genre | orig-research |
| GroupedDBID | -~X .4S .DC 123 23M 29O 5VS 6IE 6IF 6IH 6IK 6IL 6IM 6IN 8US AAJGR AAWTH ABLEC ADZIZ AFFNX ALMA_UNASSIGNED_HOLDINGS APO ARCSS AVWKF BEFXN BFFAM BGNUA BKEBE BPEOZ CBEJK CHZPO EDO FEDTE I-F I07 IEGSK IJVOP IPLJI M43 OCL RIE RIL RIO RNS XOL |
| ID | FETCH-LOGICAL-a352t-8fb4a7c4b7cdf22b29d3f34039d444ba09801570aee645b6d4776949803ef10a3 |
| IEDL.DBID | RIE |
| IngestDate | Wed Aug 27 02:09:24 EDT 2025 |
| IsPeerReviewed | false |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-a352t-8fb4a7c4b7cdf22b29d3f34039d444ba09801570aee645b6d4776949803ef10a3 |
| PageCount | 13 |
| ParticipantIDs | ieee_primary_10172696 |
| PublicationCentury | 2000 |
| PublicationDate | 2023-01-01 |
| PublicationDateYYYYMMDD | 2023-01-01 |
| PublicationDate_xml | – month: 01 year: 2023 text: 2023-01-01 day: 01 |
| PublicationDecade | 2020 |
| PublicationTitle | Proceedings / International Conference on Software Engineering |
| PublicationTitleAbbrev | ICSE |
| PublicationYear | 2023 |
| Publisher | IEEE |
| Publisher_xml | – name: IEEE |
| SSID | ssib051921306 ssj0006499 |
| Score | 2.354867 |
| Snippet | The rapid growth of software supply chain attacks has attracted considerable attention to software bill of materials (SBOM). SBOMs are a crucial building block... |
| SourceID | ieee |
| SourceType | Publisher |
| StartPage | 2630 |
| SubjectTerms | bill of materials Bills of materials empirical study Industries responsible AI Roads SBOM Security Software software bill of materials Supply chains Surveys |
| Title | An Empirical Study on Software Bill of Materials: Where We Stand and the Road Ahead |
| URI | https://ieeexplore.ieee.org/document/10172696 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LS8NAEF5sT57qo-KbPXhNmmQ3u1lvtbSo0CLWYm9lX4FiTUpJEf317uShIggeAmFzWXYnM7Oz830fQlfKilDakHqaA6m2SbQneWq8hCSaAaOYjAGNPJ6w2xm9n8fzGqxeYmGstWXzmfXhtbzLN7neQqmsB-YTMcFaqOVObhVYqzGeGIi9CFwZ1m6YuVy-xsqFgejdDaZDmrjjgg-C4VBHAXKdH4oqZUAZddCkmUrVR_Libwvl649fLI3_nuse6n5j9_DDV1TaRzs2O0CdRrwB1__yIZr2Mzx8XS9LihAM7YTvOM_w1LnlN7mx-Ga5WuE8xWNZVEZ6jZ3jdh-eLQbpYYPhcekjfsylwX3n1E0XzUbDp8GtVysseNIlXoWXpIpKrqni2qRRpCJhSEpoQIShlCoZCBfAYh5IaxmNFTOUcyaoGyU2DQNJjlA7yzN7jDBjnMsoUUxpSbXlidCGu3wyJVJIrfUJ6sIiLdYVicaiWZ_TP8bP0C5sVFXtOEftYrO1Fy7-F-qy3PdPpEGs-g |
| linkProvider | IEEE |
| linkToHtml | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwjV1LT8JAEN4oHvSED4xv9-C1UNrtbtcbEggoECMQuZF9NSFiS0iJ0V_vTh9qTEw8NNlsL5vtdObb2fm-QehGGt4UpkkcxUBUW4fKESzSTuiHioKimAiAjTwc0d6U3M-CWUFWz7gwxpis-MzUYZjd5etEbSBV1gDz8Sin22gnADZuTtcqzScAaS8fLg0LR0wtmi_Yck2XN_rtcYeE9sBQh5bhkEkBeZ0fPVWykNKtolG5mLyS5KW-SWVdffzSafz3avdR7Zu9hx-_4tIB2jLxIaqW7Rtw8TcfoXErxp3X1SITCcFQUPiOkxiPrWN-E2uD7xbLJU4iPBRpbqa32Lpu--LZYGg-rDE8FkDip0Ro3LJuXdfQtNuZtHtO0WPBERZ6pU4YSSKYIpIpHXme9Lj2I5-4PteEEClcbkNYwFxhDCWBpJowRjmxs76Jmq7wj1ElTmJzgjCljAkvlFQqQZRhIVeaWUQZ-YILpdQpqsEmzVe5jMa83J-zP-av0W5vMhzMB_3Rwznag4-W5z4uUCVdb8ylRQOpvMps4BPb5bBC |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=proceeding&rft.title=Proceedings+%2F+International+Conference+on+Software+Engineering&rft.atitle=An+Empirical+Study+on+Software+Bill+of+Materials%3A+Where+We+Stand+and+the+Road+Ahead&rft.au=Xia%2C+Boming&rft.au=Bi%2C+Tingting&rft.au=Xing%2C+Zhenchang&rft.au=Lu%2C+Qinghua&rft.date=2023-01-01&rft.pub=IEEE&rft.eissn=1558-1225&rft.spage=2630&rft.epage=2642&rft_id=info:doi/10.1109%2FICSE48619.2023.00219&rft.externalDocID=10172696 |