Standardizing SBOM within the SW Development Tooling Ecosystem

November 2019
Topics: Software Engineering, Open Source Software
Robert A. Martin, The MITRE Corporation

Many end-user organizations across the world are facing operational and supply chain questions about the software they use to do their day-to-day work and support their ongoing business areas: whether it is authentic and unaltered, whether it contains known vulnerabilities, and whether their use of it is proper and legal given the licensing terms that its developers placed on its constituent parts. Because software now runs more and more of the critical aspects of each organization's business, embedded, and cyber-physical systems, these questions are pressing and unavoidable for almost everyone.

Much attention has focused on identifying the needs for Software Bill of Materials (SBOM) information in end-user organizations. Those needs extend to understanding the software content of their operational systems and the supplier communities of that software, whether those suppliers deliver equipment with embedded software or supply software directly. At the same time, the organizations in the software development tools ecosystem, who will be key in supplying the tools that are foundational to producing automated SBOM information, need to be engaged. SBOM standardization needs to support and help the integration of the different development, assessment, and analysis tools into the emerging DevSecOps capabilities being explored across the market.
