Digitala Vetenskapliga Arkivet

Augmenting Software Bills of Materials with Software Vulnerability Description: A Preliminary Study on GitHub
Blekinge Tekniska Högskola, Faculty of Computing, Department of Software Engineering. ORCID iD: 0000-0002-0679-4361
University of Sannio, Italy. ORCID iD: 0000-0002-0340-9747
University of Salerno, Salerno, Italy. ORCID iD: 0000-0003-4880-3622
University of Salerno, Salerno, Italy. ORCID iD: 0000-0003-0024-7508
2025 (English). In: FSE Companion '25: Proceedings of the 33rd ACM International Conference on the Foundations of Software Engineering / [ed] Li, J, Association for Computing Machinery (ACM), 2025, pp. 631-635. Conference paper, published paper (peer reviewed)
Abstract [en]

Software Bills of Material (SBOMs) are becoming a consolidated way, and one often enforced by governmental regulations, to describe software composition. However, based on recent studies, SBOMs suffer from limited support for their consumption and lack information beyond simple dependencies, especially regarding software vulnerabilities. This paper reports the results of a preliminary study in which we augmented SBOMs of 40 open-source projects with information about Common Vulnerabilities and Exposures (CVE) exposed by project dependencies. Our augmented SBOMs have been evaluated by submitting pull requests and by asking project owners to answer a survey. Although, in most cases, augmented SBOMs were not directly accepted because owners required a continuous SBOM update, the received feedback shows the usefulness of the suggested SBOM augmentation.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2025. pp. 631-635
Keywords [en]
SBOM, Software repositories, VEX, Vulnerabilities management
Identifiers
URN: urn:nbn:se:bth-28600
DOI: 10.1145/3696630.3728513
ISI: 001593214400070
Scopus ID: 2-s2.0-105013970463
ISBN: 9798400712760 (print)
OAI: oai:DiVA.org:bth-28600
DiVA id: diva2:1995498
Conference
33rd ACM International Conference on the Foundations of Software Engineering, FSE Companion 2025, Trondheim, June 23-27, 2025
Part of project
SERT - Software Engineering ReThought, Knowledge Foundation
SESAM – Secure Software Engineering Through Sensible AutoMation, Knowledge Foundation
Funder
Knowledge Foundation, 20230087
Knowledge Foundation, 20180010
Available from: 2025-09-05. Created: 2025-09-05. Last updated: 2025-12-15. Bibliographically checked.

Open Access in DiVA

fulltext (510 kB), 31 downloads
File information
File: FULLTEXT01.pdf
File size: 510 kB
Checksum SHA-512: 30be54297d810541cabc7fcbb50d436b547b671b19e9f7c33c8b3fe6c14e2bd052d9992c5a298c0e4dafac5e3287d26c77b6cce786c7b7d6d97a5e9d826daf60
Type: fulltext
Mimetype: application/pdf

Other links

Publisher's full text
Scopus

Search in DiVA

By author/editor
Fucci, Davide; Di Penta, Massimiliano; Romano, Simone; Scanniello, Giuseppe
