[PAST EVENT] Trevor Stalnaker, Computer Science - Thesis Defense

July 21, 2023
9:30am - 11:30am
Location
McGlothlin-Street Hall, Zoom
251 Jamestown Rd
Williamsburg, VA 23185
Trevor Stalnaker

Abstract:
Software Bills of Materials (SBOMs) have emerged as tools to facilitate the management of software dependencies, vulnerabilities, licenses, and the supply chain. Significant effort has been devoted to increasing SBOM awareness and developing SBOM formats and tools. Despite this effort, recent studies have shown that SBOMs are still an early technology not adequately adopted in practice yet, mainly due to limited SBOM tooling and lack of industry consensus on SBOM content, tool usage, and practical benefits. Expanding on previous research, this paper reports a comprehensive study that first investigates the current challenges stakeholders encounter when creating and using SBOMs. The study surveyed 138 practitioners belonging to five groups of stakeholders (practitioners familiar with SBOMs, members of critical open-source projects, AI/ML practitioners, experts of cyber-physical systems, and legal professionals), using differentiated questionnaires. We interviewed eight survey respondents to gather further insights about their experience. We identified fourteen major challenges facing the creation and use of SBOMs, including those related to the material included in SBOMs, deficiencies in SBOM tools, SBOM maintenance and verification, and domain-specific challenges. We propose and discuss six actionable solutions to the identified challenges and present the major avenues for future research and development. We hope these solutions can be adopted by the community to improve SBOM formats, tools, and adoption, and thus, enable the full potential of SBOMs.

Bio:
Trevor Stalnaker is a second-year MS/PhD student at William & Mary studying software supply chains and problems involved in software licensing under the direction of Dr. Poshyvanyk and Dr. Oscar Chaparro. Beyond this, he is also interested in software engineering at large and enjoys working on automation and web development. He previously received his Bachelor of Science from Washington and Lee University.