Re: [spdx-tech] SPDX release 2.3 - Starting to update the schema

2022-06-12 Thread Dick Brooks
Hi Gary, I see this as a documentation issue. Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership Never trust software, always verify and report!

Re: [spdx-tech] SPDX release 2.3 - Starting to update the schema

2022-06-12 Thread Gary O'Neall
Hi Dick, Would this be considered a documentation issue or an issue that would change the schema and tools? Thanks, Gary From: Dick Brooks Sent: Sunday, June 12, 2022 1:41 PM To: 'Gary O'Neall' ; 'SPDX Technical Mailing List' Subject: RE: [spdx-tech] SPDX release 2.3 - Starting to

Re: [spdx-tech] SPDX release 2.3 - Starting to update the schema

2022-06-12 Thread Dick Brooks
Gary, FYI, this version of the SPDX 2.3 spec does not contain explicit support for NIST Executive Order 14028 vulnerability disclosure reporting recommendations at the SBOM component level in appendix G, refer to NIST 5/5/2022 guidance regarding this requirement:

[spdx-tech] SPDX release 2.3 - Starting to update the schema

2022-06-12 Thread Gary O'Neall
Greetings SPDX tech team, I believe I just merged in the last PR that will impact the schemas and tools for the 2.3 release of the SPDX Spec. Please review the open PRs and open issue