Distributing SBOMs


Steve Kilbane
 

Hi all,

 

During the IP summit, there was a question (I forget who posted it, sorry) about rules for distributing SBOMs, which caught my attention because I'd been wondering what the typical practices were at present. Are folks including SBOMs as part of installed software (e.g. part of the payload of a self-extracting installer or a managed package), via organisational websites, on demand, something else?

 

Thanks,

 

steve

 

Join main@lists.openchainproject.org to automatically receive all group messages.