Comparing the SBOM you've been given to upstream SBOMs is one that springs
to mind. Especially if any sort of analysis/audit has been done to augment
the SBOM. But in that case they would be referenced inside the SBOM you're
looking at.
On Thu, Apr 15, 2021 at 1:41 AM Eliot Lear wrote:
> It
Hi Eliot,
This information is being provided as justification to support multiple SBOMs
that may be required to conduct a comprehensive software supply chain risk
assessment. I propose adding a new component level data element, called SBOMURL
at the component level to enable discovery and
It seems that my mail system ate my first attempt at this.
One of the questions I raised in the opsawg meeting was how many SBOMs we would
need to be able to retrieve. I am looking for use cases where there would be
more than one. To me, I think the place to look is around VMs and containers,
Hi all,
No, I am not aware of any IPR that applies to this draft.
Best regards,
Paul
On Mon, Mar 22, 2021 at 1:34 PM Joe Clarke (jclarke) wrote:
> Authors, contributors, and WG members, as we are in WGLC for this
> document, we want to solicit knowledge of any IPR that may pertain to
> the
Hi all,
As we didn't hear any objection for this issue, we proceeded with the change
and considered it like any other WGLC comments.
Given this is an important change, we added Paul as a contributor.
Paul, please reply to the IPR poll that was issued by Joe. Thank you.
Cheers,
Med
From:
Mohit, thank you for your review. I have entered a No Objection ballot for this
document.
Lars
> On 2021-3-20, at 12:24, Mohit Sethi via Datatracker wrote:
>
> Reviewer: Mohit Sethi
> Review result: Ready
>
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team