A Viewpoint on Knowing Software: Bill of Materials Quality When You See It
Santiago Torres-Arias, Dan Geer, John Speed Meyers
Abstract
Software bills of materials (SBOMs) have become a required mechanism to communicate software supply chain information. However, even though they experience wide and increasing adoption, using them to improve supply chain security remains a challenge. We posit that, in order to achieve the intended goal of SBOMs, we must first develop mechanisms to measure their quality.
Topics & Concepts
Supply chainQuality (philosophy)SoftwareOrder (exchange)Computer scienceMeasure (data warehouse)Risk analysis (engineering)Mechanism (biology)Software qualityComputer securityProcess managementBusinessSoftware developmentMarketingDatabasePhilosophyProgramming languageEpistemologyFinanceSafety Systems Engineering in AutonomyOpen Source Software InnovationsTechnology Assessment and Management