LINUX FOUNDATION RESEARCH

We’re investigating the impact of open source collaboration to solve the world’s most pressing challenges.

LF Research about page cover tiles

About LF Research

LF Research publishes actionable and decision-useful insights into open source software, hardware, standards, and data based on empirical research methodologies. Through leveraging community networks, project databases, surveys, and qualitative findings, and through its commitment to best practices in primary research, Linux Foundation Research is the definitive home for data-driven insights into open source for the benefit of governments, enterprises, and society at large.

Census III of Free and Open Source Software

In this report, LF Research partnered with OpenSSF and the Laboratory for Innovation Science at Harvard to study the most common packages used at the application library level.

 

Census III 2024_Cover Thumbnail

Participate in Our Research

Join the LF Research Forum and participate in our surveys and interviews to give back to your community and earn events & training discounts!

Interested in conducting research?

Review our prospectus for more information, and email us at research@linuxfoundation.org

 

lfresearch_benefits

The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness

Download Report

Abstract

The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness, produced in partnership with SPDX, OpenChain, and OpenSSF, reports on the extent of organizational SBOM readiness and adoption and its significance to improving cybersecurity throughout the open source ecosystem. The study comes on the heels of the US Administration’s Executive Order on Improving the Nation’s Cybersecurity, and the disclosure of the most recent and far-reaching log4j security vulnerability. Its timing coincides with increasing recognition across the globe of the importance of identifying software components and helping accelerate widespread implementation of cybersecurity best practices to mitigate the impact of software vulnerabilities. 

What is an SBOM?

An SBOM is formal and machine-readable metadata that uniquely identifies a software package and its contents; it may include other information about its contents, including copyrights and license data. SBOMs are designed to be shared across organizations and are particularly helpful at providing transparency of components delivered by participants in a software supply chain. Many organizations concerned about software security are making SBOMs a cornerstone of their cybersecurity strategy. The report offers fresh insight into the state of SBOM readiness by enterprises across the globe, identifying patterns from innovators, early adopters, and procrastinators. Differentiated by region and revenue, these organizations identified current SBOM production and consumption levels and the motivations and challenges regarding their present and future adoption. This report is for organizations looking to better understand SBOMs as an important tool in securing software supply chains and why the time to adopt them is now!

Authors

  • Stephen Hendrick, VP Research, The Linux Foundation
  • With a foreword by Jim Zemlin, Executive Director, The Linux Foundation

Additional Resources

Our Team

Filter by: