FYI:
An informal group [Tom Alrich] leads, the SBOM Forum, is now the OWASP SBOM Forum[i]!

https://tomalrichblog.blogspot.com/2023/09/an-opportunity-to-get-involved-with.html

Tom firmly believes that SBOM cannot succeed without VEX, which you can read all about in his blog posting, linked above. I do not share Tom's views on SBOM's dependency on VEX and can readily demonstrate that SBOM is already useful for software supply chain risk assessment without VEX, which I plan to share in a talk at BSides CT on 9/30 hosted by Quinnipiac University:

https://twitter.com/rjb4standards/status/1704860804200141010

[i] However, please give us another two weeks to get our pages set up on both the OWASP and GitHub sites.

Thanks,

Dick Brooks
Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council - A Public-Private Partnership
<https://reliableenergyanalytics.com/products>
Never trust software, always verify and report!™
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788

View/Reply Online (#5355): https://lists.spdx.org/g/Spdx-tech/message/5355
