Skip to content

SBOMit Roadmap

Jump to bottom
Marina Moore edited this page Nov 29, 2023 · 1 revision

Thrust 1: Tools and Community: Strengthening the Foundation of SBOMit Core Principles:

  • Neutrality: Promote unbiased development by hosting SBOMit under the Linux Foundation's umbrella.
  • Support: Provide comprehensive guidance for tool integration by tooling providers.
  • Inclusivity: Foster a community space that values and listens to all voices.

Milestones:

  • Preliminary: Establish a diverse community with key players from major tech companies and initiate collaborations with notable tooling providers.
  • Short-Term: Engage various stakeholders including notable industry players for involvement and form subcommittees for streamlined operations.
  • Mid-Term: Focus on advancing SBOMit's next phase, collaborating with leading groups and performing interoperability tests.
  • Long-Term: Expand the steering committee's diversity and establish sector-specific user groups with a focus on advanced testing.
  • Sustainability: Evolve towards a self-reliant model, possibly shifting to maintenance mode, in line with established open-source projects.

Evaluation:

  • Seek diverse leadership with representatives from multiple institutions.
  • Collaborate with a variety of tooling providers, aiming for significant engagement within the first year.

Thrust 2: Expanding Reach through Broad End-User Adoption Strategy:

  • Focus on widespread adoption across various sectors to enhance global visibility and facilitate integration.
  • Collaborate with regulatory bodies to foster adoption, drawing on past experiences.

Milestones:

  • Preliminary: Partner with different sectors such as finance, IoT, and defense.
  • Short-Term: Collaborate with early adopters in sectors like healthcare and education.
  • Mid-Term: Promote integration of advanced phases, launch educational materials, and organize the first SBOMit conference.
  • Long-Term: Emphasize adoption of advanced phases, establish a knowledge hub, and host subsequent conferences.
  • Sustainability: As the community grows, transition to a self-sustaining model with a focus on community-led enhancements and regular events.

Evaluation:

  • Measure success by the extent and depth of adoption across sectors.
  • Secure leading adopters in each sector and aim for significant adoption rates.

Thrust 3: Aligning Stakeholders: Formalizing SBOMit Specification Problem:

  • Address inconsistencies in SBOMit that could lead to tool incompatibility, errors, and security risks. Strategy:
  • Develop a clear SBOMit specification, targeting international standardization.

Milestones:

  • Preliminary: Draft an initial specification and establish a community-driven refinement process.
  • Short-Term: Collaborate with stakeholders to finalize the initial phase of SBOMit specification and start an improvement proposal process.
  • Mid-Term: Finalize the core specification and refine the proposal process.
  • Long-Term: Achieve international standardization, conduct interoperability tests, and introduce a task force for centralized tooling providers.
  • Sustainability: With a well-established specification and testing suite, transition to a self-sustaining model.

Evaluation:

  • Monitor the frequency of specification updates, focusing on regular minor and informational changes.
  • Track the proposal process's throughput and resolution rates, aiming for efficient processing and resolution.
  • Ensure low conformance issues with known tooling providers, maintaining minimal discrepancies that don't affect end users.
Clone this wiki locally