SBOM Challenges for Developers: From Analysis of Stack Overflow Questions
Wataru Otoda (1), Tetsuya Kanda (2), Yuki Manabe (3), Katsuro Inoue (4), Yoshiki Higo (1) ((1) Osaka University, Japan, (2) Notre Dame Seishin University, Japan, (3) The University of Fukuchiyama, Japan, (4) Nanzan University, Japan)

TL;DR
This paper analyzes developers' challenges with SBOM adoption by examining Stack Overflow questions, revealing low resolution rates, increasing interest, and key issues faced in SBOM tool usage.
Contribution
It provides an empirical analysis of SBOM-related questions on Stack Overflow, highlighting challenges and trends in SBOM adoption among developers.
Findings
Only 15% of SBOM questions are resolved.
Questions about SBOM have increased steadily since 2020.
Developers face three major challenges with SBOM tools.
Abstract
Current software development takes advantage of many external libraries, but this entails security and copyright risks. While the use of the Software Bill of Materials (SBOM) has been encouraged to cope with this problem, its adoption is still insufficient. In this research, we analyzed the challenges that developers faced in practicing SBOM use by examining questions about SBOM utilization on Stack Overflow, a Q&A site for developers. As a result, we found that (1) the proportion of resolved questions about SBOM use is 15.0%, which is extremely low, (2) the number of new questions has increased steadily from 2020 to 2023, and (3) SBOM users face three major challenges with SBOM tools.
