Software supply chain attacks on component suppliers have become increasingly common. These attacks target suppliers with relatively weak security or exploit vulnerabilities in open-source software. The software bill of materials (SBOM) has gained significant attention as a mechanism for improving software supply chain transparency and traceability. In this study, we propose an SBOM distribution architecture based on Hyperledger Fabric, a permissioned blockchain platform, to support secure SBOM management. The approach uses Hyperledger Fabric private data collections (PDCs) to separate SBOM metadata from sensitive component information, enabling confidential data sharing while reducing blockchain storage overhead compared to a fully on-chain approach. Under the evaluated workload conditions, the proposed PDC-based architecture achieves lower latency and higher throughput than the fully on-chain approach, while supporting integrity verification and controlled sharing of sensitive component data.
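The separation the abstract describes can be made concrete with a small model: the shared ledger holds only SBOM metadata plus a hash of the component list, the component list itself lives in a private data collection readable only by member organisations, and the on-chain hash is what lets any member verify that the private copy is intact. The following is an added illustration, not the paper's code and not Hyperledger Fabric's API (Fabric does, however, keep a hash of private data on the public ledger in the same way); organisation names, SBOM fields and component entries are constructed sample data.

```python
"""Model of an SBOM split between a public ledger and a private data collection.

Constructed illustration; class and function names are assumptions, not
Hyperledger Fabric chaincode.  Public state: metadata + hash of private record.
Private collection: the component list, replicated only to member orgs.
"""
import copy
import hashlib
import json
from dataclasses import dataclass, field

# Constructed sample SBOM (CycloneDX-like, minimal).  The component list is the
# part a supplier may not want every network member to read.
SAMPLE_METADATA = {"supplier": "Org1", "product": "widget-fw",
                   "version": "2.1.0", "format": "CycloneDX-1.5"}
SAMPLE_COMPONENTS = [
    {"name": "openssl", "version": "3.0.12", "license": "Apache-2.0"},
    {"name": "zlib", "version": "1.3", "license": "Zlib"},
    {"name": "internal-crypto", "version": "0.9", "license": "Proprietary"},
]


def canonical_hash(obj) -> str:
    """SHA-256 over canonical JSON so equal content always hashes equally."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


@dataclass
class PrivateDataCollection:
    """Stand-in for a PDC: contents are visible only to member organisations."""
    members: frozenset
    store: dict = field(default_factory=dict)

    def put(self, key: str, value: dict) -> None:
        self.store[key] = copy.deepcopy(value)

    def get(self, key: str, org: str) -> dict:
        if org not in self.members:
            raise PermissionError(f"{org} is not a member of this collection")
        return self.store[key]


@dataclass
class Network:
    """Public world state (every peer) plus one private collection."""
    public_state: dict = field(default_factory=dict)
    collection: PrivateDataCollection = field(
        default_factory=lambda: PrivateDataCollection(frozenset()))


def publish_sbom(net: Network, sbom_id: str, metadata: dict, components: list) -> dict:
    """Write components to the PDC; write metadata and the components hash on-chain."""
    private_record = {"components": components}
    net.collection.put(sbom_id, private_record)
    net.public_state[sbom_id] = {**metadata,
                                 "components_hash": canonical_hash(private_record)}
    return net.public_state[sbom_id]


def verify_sbom(net: Network, sbom_id: str, org: str) -> bool:
    """A member re-hashes its private copy and compares with the on-chain hash."""
    private_record = net.collection.get(sbom_id, org)  # PermissionError for non-members
    return canonical_hash(private_record) == net.public_state[sbom_id]["components_hash"]


def onchain_bytes_pdc(net: Network, sbom_id: str) -> int:
    """Bytes every peer must store under the PDC design (metadata + hash only)."""
    return len(json.dumps(net.public_state[sbom_id], sort_keys=True).encode())


def onchain_bytes_full(metadata: dict, components: list) -> int:
    """Bytes every peer would store if the whole SBOM were written on-chain."""
    return len(json.dumps({**metadata, "components": components}, sort_keys=True).encode())


def demo() -> dict:
    """Run the publish / read / tamper / storage comparison and return the outcomes."""
    net = Network(collection=PrivateDataCollection(members=frozenset({"Org1", "Org2"})))
    publish_sbom(net, "sbom-001", SAMPLE_METADATA, SAMPLE_COMPONENTS)
    results = {"verified_by_member": verify_sbom(net, "sbom-001", "Org2")}
    try:                      # Org3 is not in the collection: controlled sharing
        verify_sbom(net, "sbom-001", "Org3")
        results["nonmember_read"] = True
    except PermissionError:
        results["nonmember_read"] = False
    # Alter one entry in the private copy: the on-chain hash no longer matches.
    net.collection.store["sbom-001"]["components"][2]["version"] = "0.9-modified"
    results["verified_after_tamper"] = verify_sbom(net, "sbom-001", "Org1")
    results["pdc_bytes"] = onchain_bytes_pdc(net, "sbom-001")
    results["full_bytes"] = onchain_bytes_full(SAMPLE_METADATA, SAMPLE_COMPONENTS)
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The storage comparison is deliberately simple: the on-chain footprint of the PDC design is fixed by the metadata and a 64-character hash regardless of how many components the SBOM lists, which is where the reduced overhead the abstract reports comes from; latency and throughput depend on the endorsement and gossip configuration and are not modelled here.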
Cho et al. studied this question.