Åpne denne publikasjonen i ny fane eller vindu >>2025 (engelsk)Inngår i: FSE Companion '25: Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering / [ed] Li, J, Association for Computing Machinery (ACM), 2025, s. 631-635Konferansepaper, Publicerat paper (Fagfellevurdert)
Abstract [en]
Software Bills of Material (SBOMs) are becoming a consolidated-and often enforced by governmental regulations-way to describe software composition. However, based on recent studies, SBOMs suffer from limited support for their consumption and lack information beyond simple dependencies, especially regarding software vulnerabilities. This paper reports the results of a preliminary study in which we augmented SBOMs of 40 open-source projects with information about Common Vulnerabilities and Exposures (CVE) exposed by project dependencies. Our augmented SBOMs have been evaluated by submitting pull requests and by asking project owners to answer a survey. Although, in most cases, augmented SBOMs were not directly accepted because owners required a continuous SBOM update, the received feedback shows the usefulness of the suggested SBOM augmentation.
sted, utgiver, år, opplag, sider
Association for Computing Machinery (ACM), 2025
Emneord
SBOM, Software repositories, VEX, Vulnerabilities management
HSV kategori
Identifikatorer
urn:nbn:se:bth-28600 (URN)10.1145/3696630.3728513 (DOI)001593214400070 ()2-s2.0-105013970463 (Scopus ID)9798400712760 (ISBN)
Konferanse
33rd ACM International Conference on the Foundations of Software Engineering, FSE Companion 2025, Trondheim, June 23-27, 2025
Forskningsfinansiär
Knowledge Foundation, 20230087Knowledge Foundation, 20180010
2025-09-052025-09-052025-12-15bibliografisk kontrollert