There has been a lot of talk about Software Bill-of-Materials (SBoM) in recent years. On some projects it is even a mandatory requirement, and SBoM will also make its way into the next revision of IEEE Std 828 on Software Configuration Management. But what is an SBoM?
In this Open Space, we will not attempt an exact definition of what an SBoM is, since a good definition will always depend heavily on the specific context. Instead, we will work with what an SBoM can be used for, that is, its purpose.
During the first part of this Open Space, we will brainstorm as many use cases as possible for situations where an SBoM could be (part of) the solution.
In the second part, we will analyse some of the use cases for an SBoM to understand the consequential requirements they pose to how an SBoM should work and what data it needs.
From all this we will learn how SBoMs can be useful and what it takes to make them work.