SBOMs for Scientific Software: C++
This is the second of a series of posts exploring the feasibility of generating Software Bills of Materials ( SBOMs ) for complex scientific software. SBOMs provide a list of the components, libraries, and modules that are required to build a piece of software. The United States 2021 Executive Order on Cybersecurity highlights the role of SBOMs to support risk assessments for newly discovered vulnerabilities. Further, the U.S. National Institute of Standards and Technology (NIST) released its Secure Software Development Framework , which requires SBOM information to be available for software. My previous post explored the generation of SBOMs for both simple and complex python software packages. A variety of tools have recently been developed that can create SBOMs for python software, which are relatively easy to install and apply. Standard python installation tools like pip and poetry capture much of the information needed to formulate SBOMs, so developers may not nee...