Book chapter, peer reviewed

A Taxonomy and Survey of Software Bill of Materials (SBOM) Generation Approaches

2024; Springer Science+Business Media; Language: English

DOI

10.1007/978-3-031-50815-8_3

ISSN

1865-0937

Authors

Vandana Verma Sehgal, P S Ambili

Topic(s)

Software Reliability and Analysis Research

Abstract

The software supply chain has existed for a very long time, and so have the issues, risks and vulnerabilities associated with it. In the past few years, supply chain attacks have increased further as software authors have started using more open-source software, code, dependencies and libraries in their code. Open-source code is there to help us, but it brings third-party risk with it, and that risk has to be addressed. A Software Bill of Materials (SBOM), with the right set of configurations and automation, is one possible solution. Staying up to date with the latest security and SBOM developments is a tedious task: every day new exploits are created and new patches are released. The intent of this study is to share the insights and results of a review of SBOM implementations. The authors reviewed different SBOM formats, namely OWASP CycloneDX and SPDX by the Linux Foundation. It is imperative to understand the underlying algorithms and implementations.
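The abstract names the two SBOM formats the chapter reviews, CycloneDX and SPDX, and argues that an SBOM with the right automation helps manage third-party risk. The following is an added example (not code from the chapter or from either project) of what that automation minimally looks like: both formats are parsed into one common component list, components that cannot be matched to an advisory are flagged, and the rest are matched by package URL (purl). The two SBOM documents, the package names and the advisory identifier "EXAMPLE-ADV-0001" are constructed for this example and are not real packages or advisories.

```python
"""Normalize CycloneDX and SPDX JSON SBOMs into one component list and
match components against an advisory list keyed by purl.

Added example; the SBOM documents and the advisory feed are constructed.
"""
import json
from dataclasses import dataclass
from typing import List, Optional

# Constructed minimal CycloneDX 1.5 JSON document (field names follow the spec).
CYCLONEDX_DOC = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "example-json", "version": "2.1.0",
         "purl": "pkg:maven/com.example/example-json@2.1.0"},
        {"type": "library", "name": "example-http", "version": "4.0.3",
         "purl": "pkg:maven/com.example/example-http@4.0.3"},
        {"type": "library", "name": "no-version-lib"},  # version and purl omitted
    ],
})

# Constructed minimal SPDX 2.3 JSON document describing the same components.
SPDX_DOC = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "packages": [
        {"name": "example-json", "versionInfo": "2.1.0",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:maven/com.example/example-json@2.1.0"}]},
        {"name": "example-http", "versionInfo": "4.0.3",
         "externalRefs": [{"referenceCategory": "PACKAGE-MANAGER",
                           "referenceType": "purl",
                           "referenceLocator": "pkg:maven/com.example/example-http@4.0.3"}]},
        {"name": "no-version-lib"},
    ],
})

# Constructed advisory feed keyed by purl; the identifier is hypothetical.
ADVISORIES = {
    "pkg:maven/com.example/example-json@2.1.0": "EXAMPLE-ADV-0001",
}


@dataclass(frozen=True)
class Component:
    name: str
    version: Optional[str]
    purl: Optional[str]


def parse_sbom(text: str) -> List[Component]:
    """Detect the SBOM format from its top-level keys and normalize it."""
    doc = json.loads(text)
    if doc.get("bomFormat") == "CycloneDX":
        return [Component(c["name"], c.get("version"), c.get("purl"))
                for c in doc.get("components", [])]
    if str(doc.get("spdxVersion", "")).startswith("SPDX-"):
        comps = []
        for p in doc.get("packages", []):
            # SPDX carries the purl as an external reference of type "purl".
            purl = next((r["referenceLocator"] for r in p.get("externalRefs", [])
                         if r.get("referenceType") == "purl"), None)
            comps.append(Component(p["name"], p.get("versionInfo"), purl))
        return comps
    raise ValueError("unrecognized SBOM format")


def incomplete_components(components: List[Component]) -> List[str]:
    """Names of components that lack a version or purl and so cannot be matched."""
    return [c.name for c in components if c.version is None or c.purl is None]


def match_advisories(components: List[Component], advisories=ADVISORIES) -> dict:
    """Map each matched purl to its advisory identifier."""
    return {c.purl: advisories[c.purl] for c in components if c.purl in advisories}


if __name__ == "__main__":
    for label, doc in (("CycloneDX", CYCLONEDX_DOC), ("SPDX", SPDX_DOC)):
        comps = parse_sbom(doc)
        print(label, len(comps), "components")
        print("  incomplete:", incomplete_components(comps))
        print("  advisories:", match_advisories(comps))
```

The incomplete-component check is the part worth keeping in any real pipeline: an SBOM entry without a version or purl silently produces no advisory matches, which looks identical to "no known issues" unless it is reported separately.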
