An Empirical Study on Software Bill of Materials: Where We Stand and the Road Ahead (ICSE 2023 - Technical Track)

Who

Boming Xia, Tingting Bi, Zhenchang Xing, Qinghua Lu, Liming Zhu

Track

ICSE 2023 Technical Track

Time Zone

The program is currently displayed in (GMT+10:00) Hobart.

Use conference time zone: (GMT+10:00) HobartSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Fri 19 May 2023 16:15 - 16:30 at Meeting Room 110 - Software ecosystems Chair(s): Sebastian Baltes

Abstract

The rapid growth of software supply chain attacks has attracted considerable attention to software bill of materials (SBOM). SBOM is a crucial building block to ensure the transparency of software supply chains that helps improve software supply chain security. Although there are significant efforts from academia and industry to facilitate SBOM development, it is still unclear how practitioners perceive SBOMs and what are the challenges of adopting SBOMs in practice. To bridge this gap, we performed the first empirical study to interview and survey SBOM practitioners. We applied a mixed qualitative and quantitative method for gathering data from 17 interviewees and 65 survey respondents from 15 countries across five continents to understand how practitioners perceive the SBOM field. We summarized 26 statements and grouped them into three topics on SBOM’s states of practice. Based on the study results, we derived a goal model and highlighted future directions where practitioners can put in their effort.

Link to Preprint

http://arxiv.org/abs/2301.05362

Boming Xia

CSIRO's Data61 & University of New South Wales

Australia

Tingting Bi

Data61, CSIRO

Australia

Zhenchang Xing

Qinghua Lu

CSIRO’s Data61

Australia

Liming Zhu

CSIRO’s Data61

Australia

Time Zone

The program is currently displayed in (GMT+10:00) Hobart.

Use conference time zone: (GMT+10:00) HobartSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Fri 19 May
Displayed time zone: Hobart change

15:45 - 17:15	Software ecosystemsSEET - Software Engineering Education and Training / Technical Track / DEMO - Demonstrations / Journal-First Papers / SEIP - Software Engineering in Practice / SEIS - Software Engineering in Society at Meeting Room 110 Chair(s): Sebastian Baltes SAP SE & University of Adelaide

15:45 7m Talk		Upstream Bug Management in Linux Distributions - An Empirical Study of Debian and Fedora Practices Journal-First Papers Jiahuei Lin Queen’s University Software Analysis and Intelligence Lab (SAIL), Canada, Haoxiang Zhang Centre for Software Excellence at Huawei Canada, Bram Adams Queen's University, Kingston, Ontario, Ahmed E. Hassan Queen’s University
15:52 7m Vision and Emerging Results		Treat societally impactful scientific insights as open-source software artifacts SEIS - Software Engineering in Society Cynthia C. S. Liem Delft University of Technology, Andrew M. Demetriou Delft University of Technology Pre-print
16:00 15m Talk		Rules of Engagement: Why and How Companies Participate in OSS Technical Track Mariam Guizani Oregon State University, Aileen Abril Castro-Guzman Oregon State University, Anita Sarma Oregon State University, Igor Steinmacher Northern Arizona University Pre-print
16:15 15m Paper		An Empirical Study on Software Bill of Materials: Where We Stand and the Road Ahead Technical Track Boming Xia CSIRO's Data61 & University of New South Wales, Tingting Bi Data61, CSIRO, Zhenchang Xing , Qinghua Lu CSIRO’s Data61, Liming Zhu CSIRO’s Data61 Pre-print
16:30 15m Talk		Open Source Software Onboarding as a University Course: An Experience Report SEET - Software Engineering Education and Training Hao He Peking University, Minghui Zhou Peking University, Qingye Wang Peking University, China, Jingyue Li Norwegian University of Science and Technology Pre-print
16:45 15m Talk		An Empirical Study of License Conflict in Free and Open Source Software SEIP - Software Engineering in Practice Xing Cui Institute of Software, Chinese Academy of Sciences, Jingzheng Wu Institute of Software, The Chinese Academy of Sciences, Yanjun Wu Institute of Software, Chinese Academy of Sciences, Xu Wang Institute of Software, Chinese Academy of Sciences, Tianyue Luo , Sheng Qu Institute of Software, Chinese Academy of Sciences, Xiang Ling Institute of Software, Chinese Academy of Sciences, Mutian Yang
17:00 7m Talk		LicenseRec: Knowledge based Open Source License Recommendation for OSS Projects DEMO - Demonstrations Weiwei Xu Peking University, Xin Wu Peking University, Runzhi He Peking University, Minghui Zhou Peking University Pre-print
17:07 7m Talk		Will you come back to contribute? Investigating the inactivity of OSS core developers in GitHub Journal-First Papers Fabio Calefato University of Bari, Marco Gerosa Northern Arizona University, Giuseppe Iaffaldano University of Bari, Filippo Lanubile University of Bari, Igor Steinmacher Northern Arizona University Link to publication DOI Pre-print