sneSCM

Scandinavian Network of Excellence in Software Configuration Management


Configuration Management Coffee Meeting

Time: Tuesday, May 24th, 2022, 15:30-16:30 (CET).

Place: video conferencing at your own computer.

Title: What is the use of a Software Bill-of-Materials?

Hosts: Andreas Göransson, QCM - Lars Bendix, sneSCM.org

There has been a lot of talk about Software Bill-of-Materials (SBoM) in recent years. On some projects it is even a mandatory requirement. And SBoM will make its way into the next revised IEEE-828-Std on Software Configuration Management. But what is an SBoM?

In this CMCM, we will not address an exact definition of what an SBoM is, since a good definition will always depend heavily on the specific context. Instead, we will try to identify what an SBoM can be used for, that is, what its purpose is.

During the first part of this CMCM, we will present the overarching use cases we have identified so far for SBoMs and a number of specific examples for some of these use cases. We would like to discuss with you whether what we have found is the right grouping of use cases: should some of them be merged, or should some of them be split up?

In the second part, we will analyse some of the use cases for an SBoM to understand the consequential requirements they impose on how an SBoM should work and what data it needs.

From all this we will get a much better and richer picture of how SBoMs can be useful and what it takes to make them work.

Registration is mandatory by email to Lars Bendix (bendix@sneSCM.org).