OSS is the foundation upon which countless software products and services are built. From an IP perspective, tracking which OSS you use (and don’t use) is important relative to IP litigation risk. This tracking is common in corporate environments, but also is commonly passive and lacks detail because more may not be required with permissive OSS licenses. 

In a dynamic context of millions of instances of OSS intertwined within your business, the overall quality of your products and services is deeply intertwined with the quality of the OSS upon which you depend. Staying abreast of the latest enhancements and bug fixes in all of that dynamic OSS requires a detailed inventory.

For years the Software Bill of Materials or “SBOM” has been a much maligned artifact of software development. Many will argue they are problem ridden: SBOMs are full of errors, are output in competing formats, aren’t requested by customers, and are ultimately useless because nobody does anything with them. This is incorrect