With the rapid development of computer technology, software has become an indispensable part of people's lives, and software security has become a topic of great concern. At the same time, the software supply chain has been attacked many times. In order to gain a deeper understanding of software security and its components, the key concept of a software bill of materials has emerged, which aims to provide transparency and manageability of the software supply chain. By clearly listing the components used in software and their associated information, the software bill of materials helps organizations track and manage software sources, versions, license information, and more. This helps reduce supply chain risks, ensure software compliance, and improve security. This paper makes an introduction from the current status of software bill of materials at home and abroad to its characteristics and applications, while detailing the use of software bill of materials in software supply chain security, and using this as an entry point to the future direction of software bill of materials and the importance of software bill of materials through the comparison of tools.
关键词
软件物料清单/软件供应链/软件安全/供应链风险管理
Key words
software bill of materials/software supply chain/software security/supply chain risk management
维普
万方数据