Hi, all.
I was reading today about SBOM [1] ('a kind of nutrition label to reduce
software supply chain risk') and wondered whether it would be very
difficult to add such a document to the Royale release assets. It seems to
be an impending requirement (or 'desirement') for released software, and I
can't imagine it would be too hard to put one together for our product.
If this seems like a good idea, I would be happy to create a draft and get
others to improve it.
[1] https://develop.secure.software/sbom-facts-know-whats-in-software-fend-off-supply-chain-attacks
--
Andrew Wetmore
Editor, Moose House Publications
Editor-Writer, The Apache Software Foundation