Power Up Your Dependencies: The Parallels of SBOMs and Mario Kart


Zooming through the rainbow roads of Mario Kart may seem worlds apart from the technical world of a software bill of materials (SBOM), but the two are more alike than you might think.

If you have ever played the newer Mario Kart (6 or later), one of the critical elements of the game is selecting the right kart. Before each race, a player must go through the process of choosing which vehicle is best for them. Each kart has unique attributes and abilities to help players win the race. This kart selection process is highly comparable to choosing components for SBOMs.

Mario Kart to SBOMs: the art of choosing components

Much like racers in Mario Kart, developers face a laundry list of obstacles that keep them from reaching the finish line.

  • External security threats (red attack shells from other players)
  • The race to finish coding a project (boundless rainbow tracks)
  • Technical debt that comes back to haunt them (those darn bananas)

For less experienced players, knowing which components to put on their vehicle is daunting.

Most players pick a part based on its appearance and are unaware of how it will affect them during the race. In the software world, this is no different.

Default settings in Mario Kart help players choose the best options. Image credit: User NaviandMii – Nintendo Life

Sonatype’s 8th Annual State of the Software Supply Chain report notes that 62% of open source consumers used an avoidable vulnerable version of their dependencies. Developers have a large market of open source options to choose from and often select those that will “get the job done” as quickly as possible, without investigating their dependencies. Much like Mario Kart players, developers often only care about getting started.

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Amanda Yeo. Read the original post at: