Modern networked systems rely on complex software stacks, which often conceal vulnerabilities arising from intricate interdependencies. A Software Bill of Materials (SBOM) is effective for identifying dependencies and mitigating security risks. However, existing SBOM solutions lack precision, particularly in binary analysis and non-package-managed languages like C/C++. This paper introduces UniBOM, an advanced tool for SBOM generation, analysis, and visualisation, designed to enhance the security accountability of networked systems. UniBOM integrates binary, filesystem, and source code analysis, enabling fine-grained vulnerability detection and risk management. Key features include historical CPE tracking, AI-based vulnerability classification by severity and memory safety, and support for non-package-managed C/C++ dependencies. UniBOM's effectiveness is demonstrated through a comparative vulnerability analysis of 258 wireless router firmware binaries and the source code of four popular IoT operating systems, highlighting its superior detection capabilities compared to other widely used SBOM generation and analysis tools. Packaged for open-source distribution, UniBOM offers an end-to-end unified analysis and visualisation solution, advancing SBOM-driven security management for dependable networked systems and broader software.
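To make the matching step behind SBOM-driven vulnerability detection concrete, here is an added illustration (my own example, not UniBOM's code) of matching SBOM components against NVD-style advisory records while keeping the component's historical CPE names alongside its current one. Component names, CPE strings and CVE identifiers are constructed placeholders, and the range fields mimic NVD's versionStartIncluding/versionEndExcluding.

```python
import re
from dataclasses import dataclass

# Constructed illustration of matching SBOM components to NVD-style advisory
# records through current and historical CPE names (not UniBOM's code).
@dataclass(frozen=True)
class Component:
    name: str
    version: str
    cpe_aliases: tuple   # every (vendor, product) the component was ever listed under

@dataclass(frozen=True)
class Advisory:
    cve_id: str                # placeholder id, not a real CVE
    cpe: str                   # CPE 2.3 string; version '*' defers to the range below
    start_incl: "str | None"   # versionStartIncluding
    end_excl: "str | None"     # versionEndExcluding
def parse_cpe23(s):
    """Return (part, vendor, product, version); escaped ':' is not handled."""
    f = s.split(":")
    if len(f) != 13 or f[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {s}")
    return f[2], f[3], f[4], f[5]

def version_key(v):
    """Digit runs compare numerically, letter runs as text: 1.10 > 1.9, 1.0.2k > 1.0.2."""
    return tuple((0, int(t)) if t.isdigit() else (1, t)
                 for t in re.findall(r"\d+|[A-Za-z]+", v))

def in_range(version, adv):
    """True if version equals the CPE's pinned version or lies in [start, end)."""
    k, pinned = version_key(version), parse_cpe23(adv.cpe)[3]
    if pinned != "*":
        return k == version_key(pinned)
    if adv.start_incl and k < version_key(adv.start_incl):
        return False
    return not (adv.end_excl and k >= version_key(adv.end_excl))

def match(component, advisories):
    """CVE ids whose CPE names any alias of the component and whose range holds."""
    return [a.cve_id for a in advisories
            if parse_cpe23(a.cpe)[1:3] in component.cpe_aliases
            and in_range(component.version, a)]
# Constructed sample: 'libex' was catalogued as exfoundation:ex_library before a rename.
LIBEX = Component("libex", "2.4.1", (("exproject", "libex"), ("exfoundation", "ex_library")))
ADVISORIES = [
    Advisory("CVE-0000-0001", "cpe:2.3:a:exproject:libex:*:*:*:*:*:*:*:*", "2.0.0", "2.4.3"),
    Advisory("CVE-0000-0002", "cpe:2.3:a:exfoundation:ex_library:*:*:*:*:*:*:*:*", None, "2.5.0"),
    Advisory("CVE-0000-0003", "cpe:2.3:a:exproject:libex:2.3.0:*:*:*:*:*:*:*", None, None),
    Advisory("CVE-0000-0004", "cpe:2.3:a:exproject:libex:*:*:*:*:*:*:*:*", "2.4.2", None),
]
```

With the historical alias present, `match(LIBEX, ADVISORIES)` reports both the current-name advisory and the pre-rename one; a component carrying only its current CPE name misses the second.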