IDC predicts that 55% of organizations will require a signed SBOM for externally consumed apps and software components by 2024 (IDC FutureScape: Worldwide Developer and DevOps 2023 Predictions, Oct 2022). The Operationalizing SBOMs to Secure Your Software Supply Chain report from IDC presents the challenges around operationalizing software bill of materials (SBOMs) that organizations face and that are impeding broader adoption.
This report can help answer a number of questions you are likely facing as an organization considering SBOM adoption:
- Why SBOMs and why now?
- Does this really apply to our situation?
- How do you produce an SBOM that fills the needs of your supply chain?
- And what do you do with the SBOMs once you have them?
"The SBOM has been all the rage since the Executive Order, but both quantitative and qualitative data suggest that organizations are struggling with implementing the practices and tools necessary to make the SBOM actionable in securing their software supply chains. However, an ecosystem of frameworks, projects, and tools is forming that can help organizations establish an SBOM strategy that will set them up for success when the next Log4J or government regulation comes around."
- Katie Norton, senior research analyst, DevOps and DevSecOps practices at IDC
