The rapid growth of software supply chain attacks has drawn considerable attention to the software bill of materials (SBOM). SBOMs are a crucial building block for ensuring the transparency of software supply chains, which in turn helps improve software supply chain security. Although there are significant efforts from academia and industry to facilitate SBOM development, it is still unclear how practitioners perceive SBOMs and what the challenges of adopting SBOMs in practice are. Furthermore, existing SBOM-related studies tend to be ad hoc and lack a software engineering focus. To bridge this gap, we conducted the first empirical study to interview and survey SBOM practitioners. We applied a mixed qualitative and quantitative method, gathering data from 17 interviewees and 65 survey respondents from 15 countries across five continents to understand how practitioners perceive the SBOM field. We summarized 26 statements and grouped them into three topics on the state of SBOM practice. Based on the study results, we derived a goal model and highlighted future directions where practitioners can focus their effort.