Revision as of 09:18, 19 January 2023 edit Adwerald (talk \| contribs) 58 edits Added references and fixed typo ← Previous edit		Revision as of 09:21, 19 January 2023 edit undo Citation bot (talk \| contribs) Bots 5,871,750 edits Alter: date, url. URLs might have been anonymized. Add: isbn, arxiv, s2cid. \| Use this bot. Report bugs. \| Suggested by Adwerald \| #UCB_automated_tools Next edit →
Line 108: \|publisher=Springer \|doi=10.1007/s10664-021-09959-3 \|s2cid=197679660 \|url=https://ink.library.smu.edu.sg/sis_research/6048 }}</ref> Line 158 ⟶ 159: == Usage == As SCA impacts different functions in organizations, different teams may use the data depending on the organization's corporation size and structure. The IT department will often use SCA for implementing and operationalizing the technology with common stakeholders including the Chief Information Officer (CIO), the Chief Technology Officer (CTO), and the Chief Enterprise Architects (EA).<ref>{{Cite web\|url=https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/software-bill-of-materials-managing-software-cybersecurity-risks\|title=Software bill of materials: Managing software cybersecurity risks}}</ref> Security and license data are often used by roles such as Chief Information Security Officers (CISO) for security risks, and Chief IP / Compliance officer for Intellectual Property risk management.<ref>{{cite book \|last=Popp \|first=Karl Michael \|author-link= \|date= 30 October 2019\|title= Best Practices for commercial use of open source software\|url= https://books.google.frcom/books?id=w1a6DwAAQBAJ \|publisher=BoD – Books on Demand, 2019 \|page=10 \|isbn=9783750403093}}</ref> Depending on the SCA product capabilities, it can be implemented directly within a developer's [[Integrated_development_environment\|Integrated Development Environment]] (IDE) who uses and integrates OSS components, or it can be implemented as a dedicated step in the [[Software_quality_control\|software quality control]] process.<ref> Line 171 ⟶ 172: \|publisher=ACM \|doi=10.1145/3475716.3475769 \|arxiv=2108.12078 \|isbn=9781450386654 \|s2cid=237346987 \|url=https://dl.acm.org/doi/abs/10.1145/3475716.3475769 }}</ref><ref> Line 185 ⟶ 189: \|publisher=IEEE \|doi=10.1109/IMCEC51613.2021.9482270 \|isbn=978-1-7281-8535-4 \|url=https://ieeexplore.ieee.org/abstract/document/9482270▼ \|s2cid=236193144 ▲\|url=https://ieeexplore.ieee.org~~/abstract~~/document/9482270 }}</ref> Line 201 ⟶ 207: \|publisher=ACM \|doi=10.1145/3555051.3555068 \|arxiv=2207.11057 \|isbn=9781450398459 \|s2cid=251018650 \|url=https://dl.acm.org/doi/abs/10.1145/3555051.3555068 }}</ref> Line 245 ⟶ 254: \|pages=1–12 \|doi=10.1145/3475716.3475776 \|arxiv=2107.02096 \|isbn=9781450386654 \|s2cid=235731939 Line 259 ⟶ 269: \|pages=1–11 \|doi=10.1145/3475716.3475769 \|arxiv=2108.12078 \|isbn=9781450386654 \|s2cid=237346987

Software composition analysis: Difference between revisions