Realities of SBOM: What is Under the Hood of SBOM

Yasar, Hasan

Realities of SBOM: What is Under the Hood of SBOM

Active / Technical Report | Accesssion Number: AD1201272 |

Open PDF

Abstract:

Software is Everywhere. Why does it matter? 97% of commercial code contains at least some open source codes. 81% of codebases contain an outdated version of open source. 62% of breaches originated from a compromised software component. When breached, a single exploitable software component can compromise countless services.

Author(s):

Yasar, Hasan

Author Organization(s):

CARNEGIE-MELLON UNIV PITTSBURGH PA

Funding Organization(s):

AIR FORCE LIFE CYCLE MANAGEMENT CENTER HANSCOM AFB MA, HANSCOM AFB , MA

Document Type:

Technical Report/Briefing Charts

Publication Date:

2023 May 11

Pagination:

41

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution Code:

A - Approved For Public Release

Distribution Statement: Public Release

RECORD

Collection: TRECMS

Identifying Numbers

Contract Number(s):

FA8702-15-D-0002

Subject Terms

Communities of Interest:

Air Platforms

Descriptor(s):

software development, computer programming, engineering, supply chain, vulnerability, computer programs, aircrafts, airplanes, devsecops, security, universities, deployment, information security, materials, military acquisition, open source software, web service

Keyword(s):

sbom (software bill of materials)

Subject Categories:

Mathematical and Computer Sciences; Mathematical and Computer Sciences

Creation Date:

2023 May 15

Update Date:

2023 Aug 23