Software Bills of Materials (SBOMs) have emerged as tools to facilitate the management of software dependencies, vulnerabilities, licenses, and the supply chain. While significant effort has been devoted to increasing SBOM awareness and developing SBOM formats and tools, recent studies have shown that SBOMs are still an early technology not yet adequately adopted in practice. Expanding on previous research, this paper reports a comprehensive study that investigates the current challenges stakeholders encounter when creating and using SBOMs. The study surveyed 138 practitioners belonging to five stakeholder groups (practitioners familiar with SBOMs, members of critical open source projects, AI/ML, cyber-physical systems, and legal practitioners) using differentiated questionnaires, and interviewed 8 survey respondents to gather further insights about their experience. We identified 12 major challenges facing the creation and use of SBOMs, including those related to the SBOM content, deficiencies in SBOM tools, SBOM maintenance and verification, and domain-specific challenges. We propose and discuss 4 actionable solutions to the identified challenges and present the major avenues for future research and development.

翻译：软件物料清单（SBOM）已成为促进软件依赖关系、漏洞、许可及供应链管理的工具。尽管大量工作致力于提升SBOM认知度并开发其格式与工具，近期研究表明SBOM仍是一项尚未充分普及的早期技术。本文在既有研究基础上，通过全面调研揭示了当前利益相关者在创建与使用SBOM时面临的主要挑战。研究采用差异化问卷对138名从业者（分属五个利益相关者群体：熟悉SBOM的从业者、关键开源项目成员、AI/ML领域从业者、信息物理系统从业者及法律从业者）进行调研，并对8名受访者开展深度访谈以获取其经验。我们识别出创建与使用SBOM面临的12项重大挑战，涵盖SBOM内容、工具缺陷、维护与验证及领域特异性问题。针对上述挑战提出并讨论了四项可实施方案，最后指出未来研究与发展的主要方向。