Considerations for Managing Challenges in Software Bill of Materials (SBOM) Data Normalization
In October 2024, MITRE published "Data Normalization Challenges and Mitigations in Software Bill of Materials (SBOM) Processing: A White Paper for Medical Device Manufacturers," which highlighted the data normalization challenges arising when processing and managing SBOMs at scale, and offered some high-level mitigation strategies. This white paper, "Considerations for Managing Challenges in Software Bill of Materials (SBOM) Data Normalization," builds upon the earlier one and provides more detailed considerations on implementing approaches to address data normalization challenges, focusing on putting technologies and processes in place that can evolve with developing SBOM technologies and changes in organizational structures.
The paper briefly describes our earlier work; the approach taken for this paper, including a targeted landscape analysis; SBOM tooling, including evolving capabilities, how data normalization contributes to inconsistencies, and considerations when acquiring tools; and managing a "source of truth" to provide a consistent nomenclature throughout an organization.