BOMtotal – software bill of materials from binary executables - rayshan
http://www.bomtotal.com/

======
ctonic
Found out about this in the Microsoft VS Code thread but turns out it can
process Docker base images too (after exporting them to tar files). Here is a
component list for the nginx:latest base image:
[http://www.bomtotal.com/#9ab3777ec051c1f8db85d0513b032e91](http://www.bomtotal.com/#9ab3777ec051c1f8db85d0513b032e91)
Pretty neat stuff!

~~~
ctonic
The component listing for the most recent MIUI ROM for my Nexus 4 is pretty
interesting too...
[http://www.bomtotal.com/#e138cde6cfa889b0e1b4bbfdf6be73da](http://www.bomtotal.com/#e138cde6cfa889b0e1b4bbfdf6be73da)
openssl 0.9.8h _and_ 1.0.1e, anyone?
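Both of ctonic's comments above describe the same workflow: export an image or ROM to a tar archive and let a BOM tool report the component versions embedded in the binaries, including the case where two OpenSSL releases ship side by side. The Python script below is an added example, not BOMtotal's code and not from the original thread. It builds a constructed in-memory tar standing in for a `docker save nginx:latest -o nginx.tar` export, then scans every file in it for the version banners that OpenSSL ("OpenSSL 1.0.1e 11 Feb 2013") and zlib ("inflate 1.2.8 Copyright ...") embed in their binaries, and flags any component found in more than one version. The file paths and payloads are constructed, and the two banner patterns are the only components it knows about; a real BOM tool carries a far larger signature set.

```python
import io
import re
import tarfile
from collections import defaultdict

# Version banners that real OpenSSL and zlib builds embed in their binaries.
# Only these two components are recognised in this example.
VERSION_PATTERNS = {
    "openssl": re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]?) "),
    "zlib": re.compile(rb"inflate (\d+\.\d+\.\d+) Copyright"),
}


def build_sample_tar():
    """Build a constructed in-memory tar standing in for a `docker save` export.

    Paths and payloads are made up for this example; the banner strings inside
    them follow the format real OpenSSL/zlib binaries use.
    """
    samples = {
        "usr/lib/libssl.so.1.0.0": b"\x7fELF..padding..OpenSSL 1.0.1e 11 Feb 2013\x00..",
        "system/lib/libcrypto_legacy.so": b"\x7fELF..OpenSSL 0.9.8h 28 May 2008\x00..",
        "usr/lib/libz.so.1": b"\x7fELF..inflate 1.2.8 Copyright 1995-2013 Mark Adler\x00",
        "etc/motd": b"plain text, nothing to see here\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in samples.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def scan_tar(tar_bytes):
    """Return {component: {version: [paths]}} for every banner found in the archive.

    Each member is read fully into memory, which is fine for an example; a
    production scanner would stream large members in chunks.
    """
    found = defaultdict(lambda: defaultdict(list))
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar:
            if not member.isfile():
                continue
            fh = tar.extractfile(member)
            if fh is None:
                continue
            data = fh.read()
            for component, pattern in VERSION_PATTERNS.items():
                for match in pattern.finditer(data):
                    version = match.group(1).decode("ascii")
                    found[component][version].append(member.name)
    return {component: dict(versions) for component, versions in found.items()}


def duplicate_components(bom):
    """Components shipped in more than one version (the 0.9.8h + 1.0.1e case)."""
    return {c: sorted(versions) for c, versions in bom.items() if len(versions) > 1}


if __name__ == "__main__":
    # For a real image: docker save nginx:latest -o nginx.tar, then
    # scan_tar(open("nginx.tar", "rb").read()).
    bom = scan_tar(build_sample_tar())
    for component, versions in sorted(bom.items()):
        for version, paths in sorted(versions.items()):
            print(f"{component} {version}: {', '.join(paths)}")
    for component, versions in duplicate_components(bom).items():
        print(f"WARNING: {component} present in multiple versions: {versions}")
```

The duplicate check is the part worth keeping: two copies of the same library in one image usually means one of them is a stale bundled copy that package updates will never touch, so it deserves its own line in any review of the BOM output.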

------
svimes
The whole software bill of materials, BOM, is a nice idea. If you buy a carton
of milk, the contents are printed on the back. Why shouldn't this apply to
software as well? Of course a lot of the software does not come in a shrink-
wrapped package, so you need something like BOMtotal to keep you informed.

------
evilon
It will be interesting to see how the industry picks this up. The number of
vulnerable libraries (and many of them) in software, even in security
software, is rather mind-boggling.

