The software bill of materials (SBOM) concept aims to include more information about a software build, such as copyrights, dependencies and security references. But an SBOM lacks visibility into the process used to build a package. Efforts such as Supply-chain Levels for Software Artifacts (SLSA) try to remedy this by focusing on the quality of the build process, but they lack any quantitative assessment of that quality; they are purely qualitative. A new form of assurance case, and a new technique for structuring it called process reduction, are presented. An assurance case for a toolchain is quantitative, and when structured as a process reduction it can measure the strength of the toolchain via the strength of the reduction. An example is given for a simple toolchain.