TY - GEN
T1 - Enhancing Visibility of Components and Dependencies Across Diverse IT Environments with Open-Source Software-Bill-of-Materials Generation Tools
AU - Sorocean, Oleg
AU - Ayala-Rivera, Vanessa
AU - Portillo-Dominguez, A. Omar
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - This paper explores the escalating adoption of Open-Source Software (OSS) and its implications for traditional software asset inventory practices. While OSS offers undeniable benefits in terms of flexibility and cost, it also introduces complexities, especially in managing intricate dependency structures within the software supply chain. In response, the concept of a Software Bill of Materials (SBOM) has been proposed as a potential solution, aiming to bring transparency by documenting software components and dependencies. This paper presents an empirical study that evaluates the effectiveness and efficiency of a set of SBOM generation tools across diverse IT infrastructures and software inventory tools. It highlights the advantages of SBOM tools, such as discovering OSS components installed without reliance on OS package managers and providing information on component dependencies. By addressing this, we aim to deepen the understanding of SBOM's significance in modern software management practices and provide insights for optimizing the usage of SBOM generation tools.
AB - This paper explores the escalating adoption of Open-Source Software (OSS) and its implications for traditional software asset inventory practices. While OSS offers undeniable benefits in terms of flexibility and cost, it also introduces complexities, especially in managing intricate dependency structures within the software supply chain. In response, the concept of a Software Bill of Materials (SBOM) has been proposed as a potential solution, aiming to bring transparency by documenting software components and dependencies. This paper presents an empirical study that evaluates the effectiveness and efficiency of a set of SBOM generation tools across diverse IT infrastructures and software inventory tools. It highlights the advantages of SBOM tools, such as discovering OSS components installed without reliance on OS package managers and providing information on component dependencies. By addressing this, we aim to deepen the understanding of SBOM's significance in modern software management practices and provide insights for optimizing the usage of SBOM generation tools.
KW - Open-Source Software
KW - SBOM
KW - Software Engineering
KW - Software Inventory
UR - https://www.scopus.com/pages/publications/85216740670
U2 - 10.1109/CONISOFT63288.2024.00030
DO - 10.1109/CONISOFT63288.2024.00030
M3 - Conference contribution
AN - SCOPUS:85216740670
T3 - Proceedings - 2024 12th International Conference in Software Engineering Research and Innovation, CONISOFT 2024
SP - 165
EP - 174
BT - Proceedings - 2024 12th International Conference in Software Engineering Research and Innovation, CONISOFT 2024
A2 - Juarez-Ramirez, Reyes
A2 - Fernandez y Fernandez, Carlos Alberto
A2 - Jimenez Calleros, Samantha Paulina
A2 - Ramirez-Noriega, Alan
A2 - Guerra-Garcia, Cesar Arturo
A2 - Sandoval, Guillermo Licea
A2 - Menendez-Ortiz, Maria Alejandra
A2 - Hernandez-Ocharan, Jorge Octavio
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 12th International Conference in Software Engineering Research and Innovation, CONISOFT 2024
Y2 - 28 October 2024 through 1 November 2024
ER -