Software Bill of Materials (SBOM) Harmonization Plugfest 2024
Special Report
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2025-SR-002
DOI (Digital Object Identifier)
10.1184/R1/28893080
Abstract
This report describes the research findings and recommendations that resulted from the 2024 SBOM Harmonization Plugfest research project. The Software Engineering Institute (SEI) project team managed the Plugfest and conducted research into the submitted software bills of materials (SBOMs) in support of the Cybersecurity and Infrastructure Security Agency (CISA). In this project, the SEI focused on understanding how differences in SBOM generation can result in different SBOM outputs. After gaining a better understanding of what causes these differences, the SEI project team developed recommendations that organizations can follow to produce more predictable, higher quality SBOMs. This report contains six major sections: an introduction, an explanation of the SBOM Plugfest process, an overview of the SBOM submissions from participants, a description of the SEI project team’s analysis, the team’s findings, and the team’s recommendations.