UniBOM -- A Unified SBOM Analysis and Visualisation Tool for IoT Systems and Beyond
Vadim Safronov, Ionut Bostan, Nicholas Allott, Andrew Martin

TL;DR
UniBOM generates, analyses and visualises SBOMs for IoT and other complex systems by combining binary, filesystem and source-code analysis, which improves vulnerability detection where package-manager-based SBOM tools fall short.
Contribution
UniBOM combines binary, filesystem and source-code analysis with historical CPE tracking, AI-based classification of vulnerabilities by severity and memory safety, and support for non-package-managed C/C++ dependencies, with the aim of improving the security accountability of networked systems.
Findings
Superior vulnerability detection in IoT firmware
Effective analysis of non-package-managed C/C++ dependencies
Enhanced security accountability through unified visualization
Abstract
Modern networked systems rely on complex software stacks, which often conceal vulnerabilities arising from intricate interdependencies. A Software Bill of Materials (SBOM) is effective for identifying dependencies and mitigating security risks. However, existing SBOM solutions lack precision, particularly in binary analysis and non-package-managed languages like C/C++. This paper introduces UniBOM, an advanced tool for SBOM generation, analysis, and visualisation, designed to enhance the security accountability of networked systems. UniBOM integrates binary, filesystem, and source code analysis, enabling fine-grained vulnerability detection and risk management. Key features include historical CPE tracking, AI-based vulnerability classification by severity and memory safety, and support for non-package-managed C/C++ dependencies. UniBOM's effectiveness is demonstrated through a…
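The abstract names the three mechanisms that matter operationally: resolving each SBOM component to a CPE (folding historical vendor/product aliases onto the current name), matching the resolved component against an advisory feed by version range, and classifying each hit by severity and memory safety. The following is an added example and not UniBOM's code or anything from the paper: a minimal CycloneDX-style matcher in Python over a constructed SBOM and a constructed advisory feed. The alias table, the advisory identifiers (ADV-00x), the version ranges and the CWE-based memory-safety rule are all assumptions; the rule is a plain lookup standing in for the paper's AI classifier, and the component without a `purl` stands for a vendored C library that no package manager knows about.

```python
"""Minimal SBOM-to-advisory matcher (added example; not UniBOM's code)."""
import json
import re

# Constructed CycloneDX 1.5-style SBOM. "vendored-zlib" has no purl, only a
# CPE inferred from its headers: the non-package-managed C case. "custom-parser"
# is source-built and has neither, so it cannot be matched at all.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "1.1.1k",
         "purl": "pkg:generic/openssl@1.1.1k",
         "cpe": "cpe:2.3:a:openssl:openssl:1.1.1k:*:*:*:*:*:*:*"},
        {"type": "library", "name": "vendored-zlib", "version": "1.2.11",
         "cpe": "cpe:2.3:a:gnu:zlib:1.2.11:*:*:*:*:*:*:*"},
        {"type": "library", "name": "busybox", "version": "1.35.0",
         "cpe": "cpe:2.3:a:busybox:busybox:1.35.0:*:*:*:*:*:*:*"},
        {"type": "library", "name": "custom-parser", "version": "0.3"},
    ]})

# Hypothetical historical-alias table: an older vendor:product pair folded
# onto the pair the advisory feed uses today.
CPE_ALIASES = {("gnu", "zlib"): ("zlib", "zlib")}

# Constructed advisory feed with placeholder identifiers (not real CVEs).
SAMPLE_ADVISORIES = [
    {"id": "ADV-001", "vendor": "openssl", "product": "openssl",
     "introduced": "1.1.1", "fixed": "1.1.1l", "severity": "HIGH", "cwe": "CWE-787"},
    {"id": "ADV-002", "vendor": "zlib", "product": "zlib",
     "introduced": "1.2.0", "fixed": "1.2.12", "severity": "CRITICAL", "cwe": "CWE-787"},
    {"id": "ADV-003", "vendor": "busybox", "product": "busybox",
     "introduced": "1.30.0", "fixed": "1.34.0", "severity": "MEDIUM", "cwe": "CWE-78"},
]

# Rule-based stand-in for the paper's memory-safety classifier (assumption).
MEMORY_SAFETY_CWES = {"CWE-119", "CWE-120", "CWE-121", "CWE-122",
                      "CWE-125", "CWE-416", "CWE-476", "CWE-787"}


def parse_version(text):
    """Turn '1.1.1k' into ((1,''),(1,''),(1,'k')) so tuple comparison orders
    numeric fields numerically and letter suffixes (OpenSSL style) lexically."""
    parts = []
    for field in text.split("."):
        m = re.fullmatch(r"(\d*)([A-Za-z]*)", field)
        if not m:
            raise ValueError(f"unparseable version field: {field!r}")
        digits, suffix = m.groups()
        parts.append((int(digits) if digits else 0, suffix))
    return tuple(parts)


def canonical_cpe_key(cpe):
    """Return (vendor, product, version) from a CPE 2.3 string, folding
    historical aliases onto the current vendor:product pair."""
    fields = cpe.split(":")
    if len(fields) < 6 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    vendor, product, version = fields[3], fields[4], fields[5]
    vendor, product = CPE_ALIASES.get((vendor, product), (vendor, product))
    return vendor, product, version


def analyse(sbom_json, advisories):
    """Match every CPE-bearing component against the feed.

    Returns (findings, unresolved): findings are dicts per (component, advisory)
    hit; unresolved lists components that carry no CPE and so were never checked,
    which is the blind spot a practitioner must report rather than silently skip."""
    findings, unresolved = [], []
    for comp in json.loads(sbom_json).get("components", []):
        cpe = comp.get("cpe")
        if not cpe:
            unresolved.append(comp["name"])
            continue
        vendor, product, version = canonical_cpe_key(cpe)
        v = parse_version(version)
        for adv in advisories:
            if (adv["vendor"], adv["product"]) != (vendor, product):
                continue
            # Affected if introduced <= v < fixed.
            if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
                findings.append({
                    "component": comp["name"], "version": version,
                    "advisory": adv["id"], "severity": adv["severity"],
                    "memory_safety": adv["cwe"] in MEMORY_SAFETY_CWES,
                    "unmanaged": "purl" not in comp,
                })
    return findings, unresolved


if __name__ == "__main__":
    hits, gaps = analyse(SAMPLE_SBOM, SAMPLE_ADVISORIES)
    for h in hits:
        print(f"{h['component']} {h['version']}: {h['advisory']} {h['severity']}"
              f" memory_safety={h['memory_safety']} unmanaged={h['unmanaged']}")
    print("unresolved (no CPE):", gaps)
```

Two checks a practitioner should keep even in a toy like this: the `unresolved` list is reported rather than dropped, because a component with no identifier is a coverage gap, not a clean result; and version comparison is done on parsed fields, since a string comparison would place `1.1.1k` after `1.1.1l`'s prefix `1.1.1` incorrectly and rank `1.2.9` above `1.2.11`.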
Taxonomy
Topics: Security and Verification in Computing · Information and Cyber Security · Software Reliability and Analysis Research
