IDC predicts that 55% of organizations will require a signed SBOM for externally consumed apps and software components by 2024 (IDC FutureScape: Worldwide Developer and DevOps 2023 Predictions, Oct 2022).
Whether you are a software provider or buyer, this applies to you, and, most likely, creates a host of questions like why? Does this really apply to you? How do you produce an SBOM that fills the needs of your supply chain? And what do you do with them when you have them?
The Operationalizing SBOMs to Secure Your Software Supply Chain report from IDC presents the challenges around operationalizing software bill of materials (SBOMs) that organizations face and that are impeding broader adoption.
"The SBOM has been all the rage since the Executive Order, but both quantitative and qualitative data suggest that organizations are struggling with implementing the practices and tools necessary to make the SBOM actionable in securing their software supply chains. However, an ecosystem of frameworks, projects, and tools is forming that can help organizations establish an SBOM strategy that will set them up for success when the next Log4J or government regulation comes around." - Katie Norton, senior research analyst, DevOps and DevSecOps practices at IDC