The rapid growth of software supply chain attacks has attracted considerable attention to the software bill of materials (SBOM). SBOMs are a crucial building block for the transparency of software supply chains and thereby help improve software supply chain security. Although there are significant efforts from academia and industry to facilitate SBOM development, it is still unclear how practitioners perceive SBOMs and what the challenges of adopting SBOMs in practice are. Furthermore, existing SBOM-related studies tend to be ad hoc and lack a software engineering focus. To bridge this gap, we conducted the first empirical study to interview and survey SBOM practitioners. We applied a mixed qualitative and quantitative method to gather data from 17 interviewees and 65 survey respondents from 15 countries across five continents, in order to understand how practitioners perceive the SBOM field. We summarized 26 statements and grouped them into four topics on the state of SBOM practice. Based on the study results, we derived a goal model and highlighted future directions where practitioners can put in their effort.