ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Thu 18 Apr 2024 14:00 - 14:15 at Amália Rodrigues - Evolution 3 Chair(s): Saba Alimadadi

Software Bills of Materials (SBOMs) have emerged as tools to facilitate the management of software dependencies, vulnerabilities, licenses, and the supply chain. A significant effort has been devoted to increasing SBOM awareness and developing SBOM formats and tools. Despite this effort, recent studies have shown that SBOMs are still an early-stage technology not yet adequately adopted in practice, mainly due to limited SBOM tooling and a lack of industry consensus on SBOM content, tool usage, and practical benefits. Expanding on previous research, this paper reports a comprehensive study that first investigates the current challenges stakeholders encounter when creating and using SBOMs. The study surveyed 138 practitioners belonging to five groups of stakeholders (practitioners familiar with SBOMs, members of critical open source projects, AI/ML practitioners, experts in cyber-physical systems, and legal professionals), using differentiated questionnaires. We interviewed eight survey respondents to gather further insights about their experience. We identified 12 major challenges facing the creation and use of SBOMs, including those related to the material included in SBOMs, deficiencies in SBOM tools, SBOM maintenance and verification, and domain-specific challenges. We propose and discuss four actionable solutions to the identified challenges and present the major avenues for future research and development.

Thu 18 Apr

Displayed time zone: Lisbon

14:00 - 15:30

14:00 (15m) Talk, Research Track
BOMs Away! Inside the Minds of Stakeholders: A Comprehensive Study of Bills of Materials for Software Systems
Trevor Stalnaker (William & Mary), Nathan Wintersgill (William & Mary), Oscar Chaparro (William & Mary), Massimiliano Di Penta (University of Sannio, Italy), Daniel M. German (University of Victoria), Denys Poshyvanyk (William & Mary)
Pre-print

14:15 (15m) Talk, Research Track
Compiler-directed Migrating API Callsite of Client Code
Hao Zhong (Shanghai Jiao Tong University), Na Meng (Virginia Tech)

14:30 (15m) Talk, Research Track
Hard to Read and Understand Pythonic Idioms? DeIdiom and Explain Them in Non-Idiomatic Equivalent Code (ACM SIGSOFT Distinguished Paper Award)
Zejun Zhang (Australian National University), Zhenchang Xing (CSIRO's Data61), Dehai Zhao (CSIRO's Data61), Qinghua Lu (Data61, CSIRO), Xiwei (Sherry) Xu (Data61, CSIRO), Liming Zhu (CSIRO's Data61)

14:45 (15m) Talk, Software Engineering Education and Training
Integrating Canvas and GitLab to Enrich Learning Processes
Laura Schauer (Heriot-Watt University), Rob Stewart (Heriot-Watt University), Manuel Maarek (Heriot-Watt University)

15:00 (7m) Talk, Journal-first Papers
Refactoring with domain-driven design in an industrial context: An action research report
Ozan Ozkan (Eindhoven University of Technology), Önder Babur (Wageningen University & Research), Mark van den Brand (Eindhoven University of Technology)

15:07 (14m) Talk, Journal-first Papers
VEER: Enhancing the Interpretability of Model-based Optimizations
Kewen Peng (North Carolina State University), Christian Kaltenecker (Saarland University, Germany), Norbert Siegmund (Leipzig University), Sven Apel (Saarland University), Tim Menzies (North Carolina State University)
DOI, Pre-print