Software Bills of Materials (SBOMs) have emerged as tools to facilitate the management of software dependencies, vulnerabilities, licenses, and the supply chain. While significant effort has been devoted to increasing SBOM awareness and developing SBOM formats and tools, recent studies have shown that SBOMs are still an early technology not yet adequately adopted in practice. Expanding on previous research, this paper reports a comprehensive study that investigates the current challenges stakeholders encounter when creating and using SBOMs. The study surveyed 138 practitioners belonging to five stakeholder groups (practitioners familiar with SBOMs, members of critical open source projects, AI/ML, cyber-physical systems, and legal practitioners) using differentiated questionnaires, and interviewed 8 survey respondents to gather further insights about their experience. We identified 12 major challenges facing the creation and use of SBOMs, including those related to the SBOM content, deficiencies in SBOM tools, SBOM maintenance and verification, and domain-specific challenges. We propose and discuss 4 actionable solutions to the identified challenges and present the major avenues for future research and development.

翻译：软件物料清单（SBOM）已成为促进软件依赖关系、漏洞、许可证及供应链管理的工具。尽管业界已投入大量精力提升SBOM认知度并开发其格式与工具，但近期研究表明，SBOM仍属早期技术，尚未在实践中得到充分应用。在前期研究基础上，本文通过全面研究，深入探究了利益相关者在创建与使用SBOM时面临的当前挑战。本研究采用差异化问卷，对分属五个利益相关群体（熟悉SBOM的从业者、关键开源项目成员、人工智能/机器学习领域专家、信息物理系统专家及法律从业者）的138名实践者进行了调查，并对其中8名受访者进行深度访谈以获取其经验见解。我们识别出创建与使用SBOM的12项主要挑战，涵盖SBOM内容、工具缺陷、维护验证及特定领域问题等方面。针对这些挑战，我们提出并讨论了4项可行解决方案，同时指出未来研究与发展的主要方向。