Linux Foundation Research Announces Software Bill of Materials (SBOM) Readiness Survey
The Linux Foundation | 25 June 2021
A Software Bill of Materials (SBOM) is a complete, formally structured list of components, libraries, and modules required to build (i.e., compile and link) a given piece of software and the supply chain relationships between them. These components can be open source or proprietary, free or paid, and widely available or restricted access. SBOMs that can be shared without friction between teams and companies are a core part of software management for critical industries and digital infrastructure in the coming decades.
SBOMs are especially critical for a national digital infrastructure used within government agencies and in critical industries that present national security risks if penetrated. SBOMs would improve understanding of those software components’ operational and cyber risks from their originating supply chain.
This SBOM readiness survey is the Linux Foundation’s first project addressing how to secure the software supply chain. The foundation of this project is a worldwide survey of IT professionals who understand their organization’s approach to software development, procurement, compliance, or security. Organizations surveyed will include both software producers and consumers. An important driver for this survey is the recent Executive Order on Cybersecurity, which focuses on producing and consuming SBOMs.
The objectives of the survey are as follows:
- How concerned are organizations about software security?
- How familiar are organizations with SBOMs?
- How ready are organizations to consume and produce SBOMs?
- What is your commitment to the timeline for addressing SBOMs?
- What benefits do you expect to derive from SBOMs?
- What concerns you about SBOMs?
- What capabilities are needed in SBOMs?
- What do organizations need to improve their SBOM operability?
- How important are SBOMS relative to other ways to secure the software supply chain?
Data from this survey will enable the development of a maturity model that will focus on how the increasing value provided by SBOMs as organizations build out their SBOM capabilities.
The survey is available in seven languages:
- English
- Chinese
- Japanese
- Korean
- German
- French
- Russian
To take the 2021 State of SBOM Readiness Survey, click the button for your desired language/region below:
BONUS
As a thank-you for your participation, you will receive a 20% registration discount to attend the Open Source Summit/Embedded Linux Conference event upon completion of the survey. Please note this discount is not transferable, and may not be combined with other offers.
PRIVACY
Personally identifiable information will not be published. Reviews are attributed to your role, company size, and industry. Responses will be subject to the Linux Foundation’s Privacy Policy, available at https://linuxfoundation.org/privacy.
VISIBILITY
We will summarize the survey data and share the findings at the Open Source Summit/Embedded Linux Conference in September.
QUESTIONS
If you have questions regarding this survey, please email us at research@linuxfoundation.org.
About The Linux Foundation
The Linux Foundation is the world’s leading home for collaboration on open source software, hardware, standards, and data. Linux Foundation projects are critical to the world’s infrastructure including Linux, Kubernetes, Node.js, ONAP, OpenChain, OpenSSF, PyTorch, RISC-V, SPDX, and more. The Linux Foundation focuses on leveraging best practices and addressing the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit us at linuxfoundation.org. The Linux Foundation has registered trademarks and uses trademarks. For a list of trademarks of The Linux Foundation, please see its trademark usage page: www.linuxfoundation.org/trademark-usage. Linux is a registered trademark of Linus Torvalds.