A Software Bill of Materials (SBOM) is a complete, formally structured list of components, libraries, and modules required to build (i.e., compile and link) a given piece of software and the supply chain relationships between them. These components can be open source or proprietary, free or paid, and widely available or restricted access. SBOMs that can be shared without friction between teams and companies are a core part of software management for critical industries and digital infrastructure in the coming decades.

SBOMs are especially critical for a national digital infrastructure used within government agencies and in critical industries that present national security risks if penetrated. SBOMs would improve understanding of those software components’ operational and cyber risks from their originating supply chain.

This SBOM readiness survey is the Linux Foundation’s first project addressing how to secure the software supply chain. The foundation of this project is a worldwide survey of IT professionals who understand their organization’s approach to software development, procurement, compliance, or security.  Organizations surveyed will include both software producers and consumers. An important driver for this survey is the recent Executive Order on Cybersecurity, which focuses on producing and consuming SBOMs.

The objectives of the survey are as follows:

  • How concerned are organizations about software security?
  • How familiar are organizations with SBOMs?
  • How ready are organizations to consume and produce SBOMs?
  • What is your commitment to the timeline for addressing SBOMs?
  • What benefits do you expect to derive from SBOMs?
  • What concerns you about SBOMs?
  • What capabilities are needed in SBOMs?
  • What do organizations need to improve their SBOM operability?
  • How important are SBOMS relative to other ways to secure the software supply chain?

Data from this survey will enable the development of a maturity model that will focus on how the increasing value provided by SBOMs as organizations build out their SBOM capabilities.

The survey is available in seven languages:

  • English
  • Chinese
  • Japanese
  • Korean
  • German
  • French
  • Russian

To take the 2021 State of SBOM Readiness Survey, click the button for your desired language/region below:

BONUS

As a thank-you for your participation, you will receive a 20% registration discount to attend the Open Source Summit/Embedded Linux Conference event upon completion of the survey. Please note this discount is not transferable, and may not be combined with other offers.

PRIVACY

Personally identifiable information will not be published. Reviews are attributed to your role, company size, and industry. Responses will be subject to the Linux Foundation’s Privacy Policy, available at https://linuxfoundation.org/privacy. 

VISIBILITY

We will summarize the survey data and share the findings at the Open Source Summit/Embedded Linux Conference in September.

QUESTIONS

If you have questions regarding this survey, please email us at research@linuxfoundation.org.