A Landscape Study of Open Source and Proprietary Tools for Software Bill of Materials (SBOM)
CoRR (2024)
Abstract
Modern software applications rely heavily on third-party components,
libraries, and frameworks sourced from many vendors and open source
repositories, which makes securing the software supply chain a complex
problem. The Software Bill of Materials (SBOM) has emerged as a promising
response to this complexity: a single, machine-readable inventory of every
third-party component and dependency used in an application. Recent supply
chain breaches, exemplified by the SolarWinds attack, underscore the urgent
need to strengthen software security and reduce vulnerability risk, and SBOMs
play a pivotal role in that effort by exposing known-vulnerable, outdated,
and unsupported (end-of-life) components. This paper presents an extensive
empirical analysis of the current landscape of open source and proprietary
SBOM tools. We investigate emerging use cases in software supply chain
security and identify gaps in SBOM technology. Our analysis covers 84 tools,
providing a snapshot of the current market and highlighting areas for
improvement.
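The abstract describes what an SBOM is for: an inventory that a consumer can cross-check against vulnerability and end-of-life data. The following is an added example, written for this page and not code from the paper or from any of the 84 tools it surveys. It parses a constructed CycloneDX 1.4 document, extracts each component's package URL (purl), and matches it against a constructed advisory feed and end-of-life list; the component names, advisory identifiers `ADV-0001`/`ADV-0002` and version ranges are all made up for illustration. The version comparison is a deliberately simple numeric-tuple scheme; real tools apply per-ecosystem rules (semver, PEP 440, Maven), which is one of the behaviours that differs between the tools a landscape study compares.

```python
import json
import re

# Constructed CycloneDX 1.4 SBOM for a hypothetical three-component application.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "libfoo", "version": "1.2.3",
     "purl": "pkg:generic/libfoo@1.2.3"},
    {"type": "library", "name": "barjs", "version": "4.0.1",
     "purl": "pkg:npm/barjs@4.0.1"},
    {"type": "library", "name": "oldruntime", "version": "2.7.18",
     "purl": "pkg:generic/oldruntime@2.7.18"}
  ]
}
"""

# Constructed advisory feed (hypothetical IDs); affected range is [introduced, fixed).
ADVISORIES = [
    {"id": "ADV-0001", "purl_prefix": "pkg:generic/libfoo",
     "introduced": "1.0.0", "fixed": "1.2.4"},
    {"id": "ADV-0002", "purl_prefix": "pkg:npm/barjs",
     "introduced": "3.0.0", "fixed": "4.0.0"},
]

# Constructed end-of-life list: major.minor release lines no longer supported.
END_OF_LIFE = {"pkg:generic/oldruntime": ["2.7"]}


def parse_version(version):
    """Turn '1.2.3' into (1, 2, 3) for ordering.

    Caveat: this ignores pre-release tags and ecosystem-specific rules;
    production tools compare versions per ecosystem (semver, PEP 440, Maven).
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))


def split_purl(purl):
    """Return (type/namespace/name, version) from a purl, dropping qualifiers and subpath.

    Scoped npm names encode '@' as %40 in a purl, so the last '@' is the version separator.
    """
    base = purl.split("?", 1)[0].split("#", 1)[0]
    name, sep, version = base.rpartition("@")
    if not sep:
        return base, None  # purl without a version: cannot be matched to a range
    return name, version


def affected(version, introduced, fixed):
    """True when introduced <= version < fixed under the simple numeric ordering."""
    return parse_version(introduced) <= parse_version(version) < parse_version(fixed)


def load_components(sbom_json):
    """Parse the document and return its component list, rejecting non-CycloneDX input."""
    bom = json.loads(sbom_json)
    if bom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return bom.get("components", [])


def audit(sbom_json, advisories=ADVISORIES, eol=END_OF_LIFE):
    """Return {purl: [findings]} for components matching an advisory or an EOL line.

    Components that lack a purl or a version are reported too: an SBOM entry that
    cannot be matched is itself a gap a consumer needs to know about.
    """
    findings = {}
    for comp in load_components(sbom_json):
        purl = comp.get("purl")
        if not purl:
            key = comp.get("name", "<unnamed>")
            findings.setdefault(key, []).append("missing purl: cannot match advisories")
            continue
        base, version = split_purl(purl)
        if version is None:
            findings.setdefault(purl, []).append("missing version: cannot match advisories")
            continue
        for adv in advisories:
            if base == adv["purl_prefix"] and affected(version, adv["introduced"], adv["fixed"]):
                findings.setdefault(purl, []).append(f"{adv['id']}: fixed in {adv['fixed']}")
        major_minor = ".".join(version.split(".")[:2])
        if major_minor in eol.get(base, []):
            findings.setdefault(purl, []).append(f"unsupported: {major_minor} line is end-of-life")
    return findings


if __name__ == "__main__":
    for purl, notes in audit(SBOM_JSON).items():
        for note in notes:
            print(f"{purl}: {note}")
```

Run stand-alone, the script flags `libfoo` 1.2.3 (inside the ADV-0001 range) and the end-of-life `oldruntime` 2.7 line, while `barjs` 4.0.1 falls outside the ADV-0002 range and is reported clean. A component missing a purl or version is reported as unmatched rather than silently passed, since an inventory entry that cannot be correlated with advisory data gives no assurance.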