Software engineers monitoring software bill of materials quality have made a startling discovery: Only 1% of all SBOMs produced at this time contain the “minimum elements” as outlined by the US government.
New data from software supply chain security start-up Chainguard indicates that the minimum data fields required by existing tools to create SBOMs do not allow for the management of software vulnerabilities, licenses, and inventory tracking.
According to Chainguard security data scientist John Speed Meyers, “Further research will need to address whether the standard is too high, whether SBOM generation tools must change, or whether the underlying software artifacts lack necessary package metadata.”
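To see what "minimum elements" coverage means in practice, here is an added checker (not Chainguard's tooling or the study's code) that tests an SPDX 2.x JSON SBOM for the data fields named in NTIA's 2021 "Minimum Elements for an SBOM" document: author, timestamp, supplier, component name, version, other unique identifiers, and dependency relationship. The sample SBOM is constructed inline, the SPDX field mapping is the author's assumption, and the dependency check (every package must appear in at least one relationship) is a heuristic.

```python
"""Check an SPDX 2.x JSON SBOM for the NTIA minimum data fields (added example)."""
import json

# Constructed sample: one fully described package, one that lacks supplier,
# version and any unique identifier (a common shape for tool-generated SBOMs).
SAMPLE_SBOM = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "name": "example-app",
    "creationInfo": {"created": "2024-01-01T00:00:00Z",
                     "creators": ["Tool: example-generator"]},
    "packages": [
        {"SPDXID": "SPDXRef-app", "name": "example-app", "versionInfo": "1.0.0",
         "supplier": "Organization: Example Corp",
         "externalRefs": [{"referenceType": "purl",
                           "referenceLocator": "pkg:generic/example-app@1.0.0"}]},
        {"SPDXID": "SPDXRef-lib", "name": "libfoo"},
    ],
    "relationships": [{"spdxElementId": "SPDXRef-app", "relationshipType": "DEPENDS_ON",
                       "relatedSpdxElement": "SPDXRef-lib"}],
})

UNIQUE_ID_TYPES = ("purl", "cpe22Type", "cpe23Type")  # assumed acceptable identifiers


def check_ntia_minimum(sbom_json: str) -> dict:
    """Map each NTIA minimum field to the list of problems found (empty list = satisfied)."""
    doc = json.loads(sbom_json)
    problems = {k: [] for k in ("author", "timestamp", "supplier", "component_name",
                                "version", "unique_id", "dependency_relationship")}
    info = doc.get("creationInfo", {})
    if not info.get("creators"):
        problems["author"].append("creationInfo.creators missing")
    if not info.get("created"):
        problems["timestamp"].append("creationInfo.created missing")
    # Heuristic: a package with no relationship at all has no stated dependency context.
    rels = doc.get("relationships", [])
    related = {r.get("spdxElementId") for r in rels} | {r.get("relatedSpdxElement") for r in rels}
    for pkg in doc.get("packages", []):
        pid = pkg.get("SPDXID", "<no id>")
        if not pkg.get("name"):
            problems["component_name"].append(pid)
        if not pkg.get("supplier"):
            problems["supplier"].append(pid)
        if not pkg.get("versionInfo"):
            problems["version"].append(pid)
        if not any(r.get("referenceType") in UNIQUE_ID_TYPES for r in pkg.get("externalRefs", [])):
            problems["unique_id"].append(pid)
        if pid not in related:
            problems["dependency_relationship"].append(pid)
    return problems


def meets_ntia_minimum(sbom_json: str) -> bool:
    """True only when every minimum field is satisfied for the whole document."""
    return all(not v for v in check_ntia_minimum(sbom_json).values())
```

Run against the sample, the checker flags `SPDXRef-lib` for supplier, version and unique identifier, which is exactly the kind of gap that keeps an SBOM below the minimum bar.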