LINUX FOUNDATION RESEARCH

We’re investigating the impact of open source collaboration to solve the world’s most pressing challenges.

LF Research about page cover tiles

About LF Research

LF Research publishes actionable and decision-useful insights into open source software, hardware, standards, and data based on empirical research methodologies. Through leveraging community networks, project databases, surveys, and qualitative findings, and through its commitment to best practices in primary research, Linux Foundation Research is the definitive home for data-driven insights into open source for the benefit of governments, enterprises, and society at large.

Featured Research: Open Source and Energy Interoperability

In partnership with Natural Resources Canada and LF Energy, LF Research explores how open source projects and communities can play a vital role in building modern, robust, interoperable, and impactful energy infrastructure, with the aim of accelerating greater collaboration for energy stakeholders the world over.

 

Cover_Open_Source_and_Energy_Interoperability_2024

Surveys

Participate in our surveys, give back to your community, and earn events and training discounts!

Interested in conducting research?

Review our prospectus for more information, and email us at research@linuxfoundation.org

 

lfresearch_benefits

The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness

Download Report

Abstract

The State of Software Bill of Materials (SBOM) and Cybersecurity Readiness, produced in partnership with SPDX, OpenChain, and OpenSSF, reports on the extent of organizational SBOM readiness and adoption and its significance to improving cybersecurity throughout the open source ecosystem. The study comes on the heels of the US Administration’s Executive Order on Improving the Nation’s Cybersecurity, and the disclosure of the most recent and far-reaching log4j security vulnerability. Its timing coincides with increasing recognition across the globe of the importance of identifying software components and helping accelerate widespread implementation of cybersecurity best practices to mitigate the impact of software vulnerabilities. 

What is an SBOM?

An SBOM is formal and machine-readable metadata that uniquely identifies a software package and its contents; it may include other information about its contents, including copyrights and license data. SBOMs are designed to be shared across organizations and are particularly helpful at providing transparency of components delivered by participants in a software supply chain. Many organizations concerned about software security are making SBOMs a cornerstone of their cybersecurity strategy. The report offers fresh insight into the state of SBOM readiness by enterprises across the globe, identifying patterns from innovators, early adopters, and procrastinators. Differentiated by region and revenue, these organizations identified current SBOM production and consumption levels and the motivations and challenges regarding their present and future adoption. This report is for organizations looking to better understand SBOMs as an important tool in securing software supply chains and why the time to adopt them is now!

Authors

  • Stephen Hendrick, VP Research, The Linux Foundation
  • With a foreword by Jim Zemlin, Executive Director, The Linux Foundation

Additional Resources

Our Team

Filter by: