All,

The April 9 NTIA SBOM Plugfest was (IMO) a huge success. Many thanks to Allan, Kate and others who made it possible, and to the many contributors who made it successful. I participated as an SBOM consumer and have published a report on our analysis of a subset of the submitted SPDX SBOMs using OpenC2's JADN information modeling tool.
The report is available in the Plugfest folder https://drive.google.com/drive/folders/1zIqD2kPevZhDQcnJjaYLBccUm1dIz3Pw under NSA, and the complete SPDX "spec-derived" and "reverse-engineered" information models, along with the analysis tools, are available at https://github.com/davaya/ntia-sbom-plugfest.

Although we have only analyzed the SPDX v2.2 specification at this point, we intend to do the same for the CycloneDX and CoSWID specifications and example data, with the goal of improving specification quality and data interoperability. In particular, information modeling can facilitate convergence of multiple SBOM formats and facilitate translation among them.

Looking forward to the next plugfest,

David Kemp
NSA Cybersecurity Directorate

View/Reply Online (#4040): https://lists.spdx.org/g/Spdx-tech/message/4040