FYI: CycloneDX now supports NIST Vulnerability Disclosure Reports (VDR)

Dick Brooks


It’s good to know that SPDX V 2.3 also supports NIST VDR. This is one of the artifacts for Government implementation of OMB memo M-22-18 that goes into effect on January 2023.




Dick Brooks


Active Member of the CISA Critical Manufacturing Sector,

Sector Coordinating Council – A Public-Private Partnership


Never trust software, always verify and report!

Email: dick@...

Tel: +1 978-696-1788