arXiv Open Access 2025

Augmenting Software Bills of Materials with Software Vulnerability Description: A Preliminary Study on GitHub

Davide Fucci Massimiliano Di Penta Simone Romano Giuseppe Scanniello

Lihat Sumber

Abstrak

Software Bills of Material (SBOMs) are becoming a consolidated, often enforced by governmental regulations, way to describe software composition. However, based on recent studies, SBOMs suffer from limited support for their consumption and lack information beyond simple dependencies, especially regarding software vulnerabilities. This paper reports the results of a preliminary study in which we augmented SBOMs of 40 open-source projects with information about Common Vulnerabilities and Exposures (CVE) exposed by project dependencies. Our augmented SBOMs have been evaluated by submitting pull requests and by asking project owners to answer a survey. Although, in most cases, augmented SBOMs were not directly accepted because owners required a continuous SBOM update, the received feedback shows the usefulness of the suggested SBOM augmentation.

Topik & Kata Kunci

cs.SE

Penulis (4)

Davide Fucci

Massimiliano Di Penta

Simone Romano

Giuseppe Scanniello

Format Sitasi

APA MLA BibTeX

Fucci, D., Penta, M.D., Romano, S., Scanniello, G. (2025). Augmenting Software Bills of Materials with Software Vulnerability Description: A Preliminary Study on GitHub. https://arxiv.org/abs/2503.13998

Akses Cepat

Lihat di Sumber

Informasi Jurnal

Tahun Terbit: 2025
Bahasa: en
Sumber Database: arXiv
Akses: Open Access ✓