With the rapid development of computer technology, software has become an indispensable part of people's lives, and software security has become a topic of great concern. At the same time, the software supply chain has been attacked many times. In order to gain a deeper understanding of software security and its components, the key concept of a software bill of materials has emerged, which aims to provide transparency and manageability of the software supply chain. By clearly listing the components used in software and their associated information, the software bill of materials helps organizations track and manage software sources, versions, license information, and more. This helps reduce supply chain risks, ensure software compliance, and improve security. This paper makes an introduction from the current status of software bill of materials at home and abroad to its characteristics and applications, while detailing the use of software bill of materials in software supply chain security, and using this as an entry point to the future direction of software bill of materials and the importance of software bill of materials through the comparison of tools.
software bill of materialssoftware supply chainsoftware securitysupply chain risk management
万方数据
维普
