"*" indicates required fields

SBOM Maturity Assessment

By landing here you’ve made a great decision. Our SBOM Maturity Framework is based on almost fifteen years of industry expertise focused on helping our customers create a complete inventory of software components—today’s Software Bill of Materials. Answers to this quick 14-question survey will help us assess your current state of SBOM management and offer specific action items to help you move further up the maturity spectrum. Once you’ve answered the questions, click submit and start your journey to realizing the benefits of a complete SBOM management strategy.

What is your role in your company?

Security

Software Engineering/Development

Legal

ITAM

Other

What type of company do you work for?

We are a software provider (sell software applications)

We purchase software from software providers (we are a B-to-B company)

We purchase software from software providers (we are a B-to-C company)

We are both a software provider and we purchase software from providers

How does your organization catalog third-party content in your applications?

Disclosures only

Package-level

Forensic level

Risk-based hybrid (combination of the above)

We don't

Which teams consume/use the output of your scan results?

(check all that apply)

Security

Legal

Software development/engineering/product management

Open Source Program Office/ Formal Centralized Team

None

Select which option best describes what organization in your company owns the management of open source and third-party components?

An open source program office (OSPO)

Formal centralized team

Engineering/DevSecOps teams

Legal

Security

I don’t know

Does your SBOM represent code developed by your partners and third-party suppliers?

Yes

I don't know

How often do you request a new/updated SBOM?

Each release

More frequent than each release

Less frequent

How are you producing SBOMs today?

It’s a manual process

Homegrown/Open source solution

Commercial SCA/SBOM solution

We aren’t producing SBOMs

Does your SBOM include fields beyond the minimum required by NTIA (National Telecommunications and Information Administration)?

Yes

I don’t know

Which standardized SBOM format are you using?

(check all that apply)

SPDX

CycloneDX

Software Identification Tagging (SWID)

Spreadsheet

None of the above

I don’t know

If your customer asked you for an SBOM, how quickly could you provide one?

Immediately

A day

One week

In a month

Never

I don’t know

What do you do with SBOMs you construct or obtain from third parties?

Nothing

Store in a file system

Manually assess

Ingest into an actionable SBOM management system

I don’t know

Is your organization able to produce security reports such as VDR and VEX for vulnerability assessment?

Yes

I don’t know

How effectively did your company handle the identification, impact assessment, and remediation of the Log4j security vulnerabilities in late 2021?

It was highly disruptive and followed a mostly manual, reactive process that took place over an extended period of time

It was not disruptive. We had an active inventory of all of our instances of Log4j use across the company; just had to search it and schedule remediation work

Not applicable; we don’t use Java (Log4j is a Java-based logging utility)

I don’t know

This field is hidden when viewing the form

(Contact form)

Fill out the form to get the complete assessment and a guide to the best next steps to improve the transparency, security and integrity of your software applications.

Your Name*

First Name Last Name

Email*

Phone*

Company*

Job Function*

Country*

State*

Province*

State*

This field is hidden when viewing the form

Comments

This field is hidden when viewing the form

(Hidden fields)

This field is hidden when viewing the form

lead_source

This field is hidden when viewing the form

campaign

This field is hidden when viewing the form

utm_source

This field is hidden when viewing the form

utm_medium

This field is hidden when viewing the form

utm_campaign

This field is hidden when viewing the form

utm_content

This field is hidden when viewing the form

utm_term

This field is hidden when viewing the form

utm_matchtype

This field is hidden when viewing the form

CheqRequestID

This field is hidden when viewing the form

firstTouchURL

This field is hidden when viewing the form

(Comm notice)

optIn

I want to receive future communications from Flexera/Revenera and be the first to hear about the latest news and industry insights. You can update your subscription preferences at any time. Your information will be processed in accordance with our Privacy Notice.

Please note: By submitting this form you are agreeing to receive additional communications from Revenera. You can update your subscription preferences at any time. Your information will be processed in accordance with our Privacy Notice.

Name

This field is for validation purposes and should be left unchanged.

SBOM Maturity Assessment

(Contact form)

Fill out the form to get the complete assessment and a guide to the best next steps to improve the transparency, security and integrity of your software applications.

(Hidden fields)

(Comm notice)

Stay Connected

Have any feedback or questions?

Revenera Community