Unraveling Incentives: Understanding the Adoption Barriers of SBOM in the Software Supply Chain

Obtaining novel insights into how a current misalignment of (dis)incentives among business stakeholders in the software supply chain can explain the limited adoption of SBOM

Abstract

In today's business landscape, software has become an integral part of operations for all companies, with a growing reliance on third-party components. This increasing complexity in software supply chains has led to a significant reduction in transparency and visibility, posing challenges for effective management and security. The Software Bill of Materials (SBOM) emerges as a promising concept to address this issue by providing detailed information about software components and their supply chain relationships, ultimately enhancing transparency within these supply chains. However, despite its potential benefits, SBOM adoption remains limited in practice.

This research examines the perspectives of four key business stakeholders involved in the software supply chain to understand their incentives and disincentives surrounding SBOM adoption. Through a series of in-depth interviews with representatives from each stakeholder group, we aimed to identify stakeholder-specific risks, benefits, concerns, and incentives related to SBOM adoption. The analysis reveals that SBOM adoption potential is notably higher among system integrators and software vendors. These stakeholders perceive the benefits of enhanced transparency and supply chain risk mitigation, which align with their strategic objectives. In contrast, B2B customers and individual developers exhibit the least motivation for SBOM adoption. Their limited interest stems from a perception that SBOMs may impose additional complexities without commensurate benefits. Given that B2B customers and individual developers are the primary consumers and suppliers of SBOMs, respectively, the findings suggest that the overall adoption potential of this technology remains restricted.