Discourse, Challenges, and Prospects Around the Adoption and Dissemination of Software Bills of Materials (SBOMs)

Software is increasingly an integral part of the critical infrastructure and processes that society relies upon for basic functions. With the ubiquity of software embedded into civic, industrial, and manufacturing technologies, software supply chain security and resilience are recognized as growing imperatives for the functioning of society. Initiatives, like those around promulgating Software Bills of Materials (SBOMs), propel supplier efforts to improve risk management in software supply chains in the right direction. However, tepid acquiescence to the efforts - and the absence of widely adopted modalities for the effective dissemination of SBOMs - present challenges. Accounting for socio-technical factors that are at the root of these headwinds establishes a strong basis for the formulation of practicable solutions to these challenges. This paper presents such an approach, and assesses several key lenses through which the challenges can be explained - leveraging findings from an ethnographic study, and providing recommendations for a way forward.