Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Mirakhorli, Mehdi, Garcia, Derek, Dillon, Schuyler, Laporte, Kevin, Morrison, Matthew, Lu, Henry, Koscinski, Viktoria, Enoch, Christopher
Format: Preprint
Veröffentlicht: 2024
Schlagworte:
Online-Zugang:https://arxiv.org/abs/2402.11151
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
_version_ 1866910334992777216
author Mirakhorli, Mehdi
Garcia, Derek
Dillon, Schuyler
Laporte, Kevin
Morrison, Matthew
Lu, Henry
Koscinski, Viktoria
Enoch, Christopher
author_facet Mirakhorli, Mehdi
Garcia, Derek
Dillon, Schuyler
Laporte, Kevin
Morrison, Matthew
Lu, Henry
Koscinski, Viktoria
Enoch, Christopher
contents Modern software applications heavily rely on diverse third-party components, libraries, and frameworks sourced from various vendors and open source repositories, presenting a complex challenge for securing the software supply chain. To address this complexity, the adoption of a Software Bill of Materials (SBOM) has emerged as a promising solution, offering a centralized repository that inventories all third-party components and dependencies used in an application. Recent supply chain breaches, exemplified by the SolarWinds attack, underscore the urgent need to enhance software security and mitigate vulnerability risks, with SBOMs playing a pivotal role in this endeavor by revealing potential vulnerabilities, outdated components, and unsupported elements. This research paper conducts an extensive empirical analysis to assess the current landscape of open-source and proprietary tools related to SBOM. We investigate emerging use cases in software supply chain security and identify gaps in SBOM technologies. Our analysis encompasses 84 tools, providing a snapshot of the current market and highlighting areas for improvement.
format Preprint
id arxiv_https___arxiv_org_abs_2402_11151
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle A Landscape Study of Open Source and Proprietary Tools for Software Bill of Materials (SBOM)
Mirakhorli, Mehdi
Garcia, Derek
Dillon, Schuyler
Laporte, Kevin
Morrison, Matthew
Lu, Henry
Koscinski, Viktoria
Enoch, Christopher
Software Engineering
Modern software applications heavily rely on diverse third-party components, libraries, and frameworks sourced from various vendors and open source repositories, presenting a complex challenge for securing the software supply chain. To address this complexity, the adoption of a Software Bill of Materials (SBOM) has emerged as a promising solution, offering a centralized repository that inventories all third-party components and dependencies used in an application. Recent supply chain breaches, exemplified by the SolarWinds attack, underscore the urgent need to enhance software security and mitigate vulnerability risks, with SBOMs playing a pivotal role in this endeavor by revealing potential vulnerabilities, outdated components, and unsupported elements. This research paper conducts an extensive empirical analysis to assess the current landscape of open-source and proprietary tools related to SBOM. We investigate emerging use cases in software supply chain security and identify gaps in SBOM technologies. Our analysis encompasses 84 tools, providing a snapshot of the current market and highlighting areas for improvement.
title A Landscape Study of Open Source and Proprietary Tools for Software Bill of Materials (SBOM)
topic Software Engineering
url https://arxiv.org/abs/2402.11151