the practice of software transparency
A Software Bill of Materials (SBOM) is the practice of knowing what your software contains. Not as an afterthought. Not as compliance theater. As a fundamental act of awareness.
Every application is a vessel. The SBOM is the inventory of what that vessel carries — every library, every dependency, every inherited vulnerability.
cf. Executive Order 14028 on Improving the Nation's Cybersecurity, 2021
Generation begins at the build. Integrate tooling — syft, trivy, cyclonedx-cli — into your pipeline. Each build produces a fresh bill. Staleness is the enemy of transparency.
Source: Synopsys OSSRA Report, 2024
The data speaks with the quiet authority of accumulated observation. Organizations that maintain SBOMs respond to vulnerabilities faster, patch more completely, and understand their exposure with greater clarity.
Sources: NTIA SBOM Survey, Synopsys 2024
No software is without cracks. The wabi-sabi approach to SBOM is not to pursue perfection but to acknowledge and document imperfection. A known vulnerability is manageable. An unknown one is dangerous.
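A small audit over a generated bill, as an added example that is not part of the original essay and invokes none of the tools named above. It takes a CycloneDX JSON document of the shape syft or cyclonedx tooling emits, checks that the bill is structurally usable, judges staleness against the build time, and sorts each component into known-vulnerable, clean, or unknown (no package URL, so nothing can be matched). The SBOM content, the advisory feed, the advisory IDs and the package versions are all constructed placeholders, not real vulnerabilities or a real feed.

```python
"""Audit a build-time CycloneDX SBOM: structural sanity, staleness, advisory matching.

Every input below is constructed for illustration. The advisory IDs are
placeholders, not real CVEs, and the feed is a stand-in for whatever
vulnerability source a pipeline would actually query.
"""
import json
from datetime import datetime, timedelta

# Constructed sample in CycloneDX 1.5 JSON form, as a generator would write it at build time.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "version": 1,
    "metadata": {
        "timestamp": "2024-05-01T12:00:00Z",
        "component": {"type": "application", "name": "vessel-api", "version": "2.3.0"},
    },
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.20", "purl": "pkg:npm/lodash@4.17.20"},
        {"type": "library", "name": "express", "version": "4.19.2", "purl": "pkg:npm/express@4.19.2"},
        # No purl: this is the "unknown" the bill must surface rather than silently skip.
        {"type": "library", "name": "left-pad", "version": "1.3.0"},
    ],
})

# Constructed advisory feed (placeholder IDs): package purl prefix and the first fixed version.
ADVISORIES = [
    {"id": "ADVISORY-0001 (placeholder)", "purl_prefix": "pkg:npm/lodash", "fixed_in": "4.17.21"},
    {"id": "ADVISORY-0002 (placeholder)", "purl_prefix": "pkg:npm/express", "fixed_in": "4.0.0"},
]

# A bill older than this relative to the build that consumes it is treated as stale.
MAX_SBOM_AGE = timedelta(days=1)


def parse_version(v):
    """Turn '4.17.20' into (4, 17, 20); non-numeric parts become 0 so comparison never raises."""
    parts = []
    for p in v.split("."):
        digits = "".join(ch for ch in p if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def parse_timestamp(iso):
    """Parse an ISO-8601 timestamp; a trailing 'Z' is normalised for older Pythons."""
    return datetime.fromisoformat(iso.replace("Z", "+00:00"))


def validate_sbom(doc):
    """Return structural problems; an empty list means the bill can be relied on."""
    problems = []
    if doc.get("bomFormat") != "CycloneDX":
        problems.append("bomFormat is not CycloneDX")
    if "timestamp" not in doc.get("metadata", {}):
        problems.append("metadata.timestamp missing: staleness cannot be judged")
    if not doc.get("components"):
        problems.append("no components: an empty inventory is not transparency")
    return problems


def is_stale(doc, now, max_age=MAX_SBOM_AGE):
    """True when the bill's generation time is more than max_age before `now`."""
    return now - parse_timestamp(doc["metadata"]["timestamp"]) > max_age


def split_purl(purl):
    """'pkg:npm/lodash@4.17.20?arch=x86' -> ('pkg:npm/lodash', '4.17.20'); qualifiers are dropped."""
    base = purl.split("?", 1)[0]
    name_part, _, version = base.rpartition("@")
    return name_part, version


def match_advisories(doc, advisories=ADVISORIES):
    """Classify components as vulnerable (below a fixed version), clean, or unknown (no purl)."""
    report = {"vulnerable": [], "clean": [], "unknown": []}
    for comp in doc.get("components", []):
        purl = comp.get("purl")
        if not purl:
            report["unknown"].append(comp.get("name", "<unnamed>"))
            continue
        prefix, version = split_purl(purl)
        hits = [a["id"] for a in advisories
                if a["purl_prefix"] == prefix
                and parse_version(version) < parse_version(a["fixed_in"])]
        if hits:
            report["vulnerable"].append((comp["name"], version, hits))
        else:
            report["clean"].append(comp["name"])
    return report


def audit(sbom_json, now_iso):
    """Full audit of one bill against the time the build consumed it."""
    doc = json.loads(sbom_json)
    return {
        "problems": validate_sbom(doc),
        "stale": is_stale(doc, parse_timestamp(now_iso)),
        **match_advisories(doc),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_SBOM, "2024-05-01T18:00:00Z"), indent=2))
```

The three buckets map onto the essay's point: a component in `vulnerable` is known and therefore manageable; one in `unknown` is the dangerous case, because a bill entry without a package URL cannot be matched against any feed and should fail the build until the generator is fixed. Re-running the audit against a `now` two days after the bill's timestamp flips `stale` to true, which is the staleness check a pipeline would gate on.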
The beauty of transparency is not that it reveals flawlessness. It reveals care — the willingness to look honestly at what you have built and to share that honesty with others.