Mark,

You may want to reach out to the CISA ICT_SCRM Task Force for help. They have lots of materials available to help government entities with regard to SBOM, vulnerability management and implementation guidance.

https://www.cisa.gov/resources-tools/groups/ict-supply-chain-risk-management-task-force

Here is one useful document describing use cases involving SBOM – designed for SMBs but also appropriate for larger organizations:

https://www.cisa.gov/sites/default/files/2023-01/Securing-SMB-Supply-Chains_Resource-Handbook_508.pdf

Thanks,

Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership
<https://reliableenergyanalytics.com/products>

Never trust software, always verify and report! ™
http://www.reliableenergyanalytics.com
Email: [email protected]
Tel: +1 978-696-1788

From: [email protected] <[email protected]> On Behalf Of Mark P. Farrell via lists.spdx.org
Sent: Thursday, August 10, 2023 3:53 PM
To: [email protected]
Subject: [spdx] Completely new to this - link to SBOM data?

I'm very new to SBOM - understanding and this website - and arrived here after a redirect URL from Microsoft - Generating Software Bills of Materials (SBOMs) with SPDX at Microsoft - Engineering@Microsoft <https://devblogs.microsoft.com/engineering-at-microsoft/generating-software-bills-of-materials-sboms-with-spdx-at-microsoft/>.

Is there a link here to help me get up to speed - with the website, quick background, and where the SBOM data is located?
