{"id":"https://openalex.org/W4393192529","doi":"https://doi.org/10.1145/3654442","title":"On the Way to SBOMs: Investigating Design Issues and Solutions in Practice","display_name":"On the Way to SBOMs: Investigating Design Issues and Solutions in Practice","publication_year":2024,"publication_date":"2024-03-26","ids":{"openalex":"https://openalex.org/W4393192529","doi":"https://doi.org/10.1145/3654442"},"language":"en","primary_location":{"id":"doi:10.1145/3654442","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3654442","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3654442","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3654442","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5071338442","display_name":"Tingting Bi","orcid":"https://orcid.org/0000-0003-2748-1249"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I177877127","display_name":"The University of Western Australia","ror":"https://ror.org/047272k79","country_code":"AU","type":"education","lineage":["https://openalex.org/I177877127"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":true,"raw_author_name":"Tingting Bi","raw_affiliation_strings":["Data61, CSIRO, Melbourne, Australia and The University of Western Australia, Perth, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Melbourne, Australia and The University of Western Australia, Perth, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I177877127","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018192313","display_name":"Boming Xia","orcid":"https://orcid.org/0009-0003-7385-4023"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I31746571","display_name":"UNSW Sydney","ror":"https://ror.org/03r8z3t63","country_code":"AU","type":"education","lineage":["https://openalex.org/I31746571"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Boming Xia","raw_affiliation_strings":["Data61, CSIRO and The University of New South Wales, Eveleigh, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO and The University of New South Wales, Eveleigh, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I31746571","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028641941","display_name":"Zhenchang Xing","orcid":"https://orcid.org/0000-0001-7663-1421"},"institutions":[{"id":"https://openalex.org/I118347636","display_name":"Australian National University","ror":"https://ror.org/019wvm592","country_code":"AU","type":"education","lineage":["https://openalex.org/I118347636"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Zhenchang Xing","raw_affiliation_strings":["Data61, CSIRO and Australian National University, Canberra, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO and Australian National University, Canberra, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679","https://openalex.org/I118347636"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100652461","display_name":"Qinghua Lu","orcid":"https://orcid.org/0000-0002-9466-1672"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Qinghua Lu","raw_affiliation_strings":["Data61, CSIRO, Sydney, Australia","Data61, CSIRO, SydneyX, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]},{"raw_affiliation_string":"Data61, CSIRO, SydneyX, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064683660","display_name":"Liming Zhu","orcid":"https://orcid.org/0000-0001-5839-3765"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"government","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Liming Zhu","raw_affiliation_strings":["Data61, CSIRO, Sydney, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Sydney, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5071338442"],"corresponding_institution_ids":["https://openalex.org/I1292875679","https://openalex.org/I177877127","https://openalex.org/I42894916"],"apc_list":null,"apc_paid":null,"fwci":6.4608,"has_fulltext":true,"cited_by_count":16,"citation_normalized_percentile":{"value":0.96753586,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"33","issue":"6","first_page":"1","last_page":"25"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11675","display_name":"Open Source Software Innovations","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11675","display_name":"Open Source Software Innovations","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12171","display_name":"Open Education and E-Learning","score":0.9574000239372253,"subfield":{"id":"https://openalex.org/subfields/1706","display_name":"Computer Science Applications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10260","display_name":"Software Engineering Research","score":0.9325000047683716,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7439510226249695},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.3898502588272095},{"id":"https://openalex.org/keywords/engineering-ethics","display_name":"Engineering ethics","score":0.3439653515815735},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.07276976108551025}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7439510226249695},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3898502588272095},{"id":"https://openalex.org/C55587333","wikidata":"https://www.wikidata.org/wiki/Q1133029","display_name":"Engineering ethics","level":1,"score":0.3439653515815735},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.07276976108551025}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3654442","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3654442","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3654442","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3654442","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3654442","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3654442","source":{"id":"https://openalex.org/S142627899","display_name":"ACM Transactions on Software Engineering and Methodology","issn_l":"1049-331X","issn":["1049-331X","1557-7392"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Software Engineering and Methodology","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/12","score":0.5400000214576721,"display_name":"Responsible consumption and production"}],"awards":[],"funders":[],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4393192529.pdf","grobid_xml":"https://content.openalex.org/works/W4393192529.grobid-xml"},"referenced_works_count":40,"referenced_works":["https://openalex.org/W397180395","https://openalex.org/W1833911422","https://openalex.org/W1979778970","https://openalex.org/W1984080818","https://openalex.org/W1994598608","https://openalex.org/W2016392754","https://openalex.org/W2046587816","https://openalex.org/W2062343755","https://openalex.org/W2087411274","https://openalex.org/W2098599935","https://openalex.org/W2107249747","https://openalex.org/W2143587628","https://openalex.org/W2162739315","https://openalex.org/W2529133275","https://openalex.org/W2802653165","https://openalex.org/W2939930770","https://openalex.org/W3017343191","https://openalex.org/W3026130332","https://openalex.org/W3043516402","https://openalex.org/W3047958222","https://openalex.org/W3088832243","https://openalex.org/W3131069091","https://openalex.org/W3136428280","https://openalex.org/W3162290828","https://openalex.org/W3173415420","https://openalex.org/W3198845576","https://openalex.org/W3211902198","https://openalex.org/W4220682629","https://openalex.org/W4224215214","https://openalex.org/W4250849411","https://openalex.org/W4251641581","https://openalex.org/W4287552728","https://openalex.org/W4309326688","https://openalex.org/W4353007392","https://openalex.org/W4383612753","https://openalex.org/W4384345766","https://openalex.org/W4385208592","https://openalex.org/W4386977908","https://openalex.org/W4389544232","https://openalex.org/W4401878108"],"related_works":["https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W2382290278","https://openalex.org/W2478288626","https://openalex.org/W4391913857","https://openalex.org/W2350741829","https://openalex.org/W2530322880"],"abstract_inverted_index":{"The":[0,177],"increase":[1],"of":[2,20,35,66,71,97,123,131,142,166,179],"software":[3,36,49,160],"supply":[4,50,174],"chain":[5,175],"threats":[6],"has":[7,139],"underscored":[8],"the":[9,17,57,64,94,132,153,164],"necessity":[10],"for":[11,109,125,185],"robust":[12],"security":[13],"mechanisms,":[14],"among":[15],"which":[16],"Software":[18],"Bill":[19],"Materials":[21],"(SBOM)":[22],"stands":[23],"out":[24],"as":[25],"a":[26,32,40,121,140],"promising":[27],"solution.":[28],"SBOMs,":[29],"by":[30],"providing":[31],"machine-readable":[33],"inventory":[34],"composition":[37],"details,":[38],"play":[39,156],"crucial":[41],"role":[42,154],"in":[43,148,157,191],"enhancing":[44],"transparency":[45],"and":[46,60,82,90,107,116,136,146,163,170,188],"traceability":[47],"within":[48],"chains.":[51],"This":[52,118],"empirical":[53],"study":[54,119,151,181],"delves":[55],"into":[56],"practical":[58,189],"challenges":[59],"solutions":[61,91],"associated":[62],"with":[63],"adoption":[65,169],"SBOMs":[67],"through":[68],"an":[69],"analysis":[70],"4,786":[72],"GitHub":[73],"discussions":[74],"across":[75],"510":[76],"SBOM-related":[77],"projects.":[78],"Through":[79],"repository":[80],"mining":[81],"analysis,":[83],"this":[84,150,192],"research":[85],"delineates":[86],"key":[87],"topics,":[88],"challenges,":[89],"intrinsic":[92],"to":[93,172],"effective":[95],"utilization":[96],"SBOMs.":[98],"Furthermore,":[99],"we":[100],"shed":[101],"light":[102],"on":[103],"commonly":[104],"used":[105],"tools":[106],"frameworks":[108],"SBOM":[110,133,143,155],"generation,":[111],"exploring":[112],"their":[113,167],"respective":[114],"strengths":[115],"limitations.":[117],"underscores":[120],"set":[122,141],"findings,":[124],"example,":[126],"there":[127],"are":[128],"four":[129],"phases":[130],"life":[134],"cycle,":[135],"each":[137],"phase":[138],"development":[144,161],"activities":[145],"issues;":[147],"addition,":[149],"emphasizes":[152],"ensuring":[158],"resilient":[159],"practices":[162],"imperative":[165],"widespread":[168],"integration":[171],"bolster":[173],"security.":[176],"insights":[178],"our":[180],"provide":[182],"vital":[183],"input":[184],"future":[186],"work":[187],"advancements":[190],"topic.":[193]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":10},{"year":2024,"cited_by_count":3}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}