Re: SPDX and NTIA SBOM Minimum elements #spdx
William Bartholomew (CELA)
This is how Microsoft has approached this:
The one thing I’d add is that additional identifiers would be stored in External References.
William Bartholomew (he/him) – Let’s chat
Principal Security Strategist
Global Cybersecurity Policy – Microsoft
My working day may not be your working day. Please don’t feel obliged to reply to this e-mail outside of your normal working hours.
From: spdx@... <spdx@...> On Behalf Of
Dick Brooks via lists.spdx.org
NTIA Framing document has the mapping you seek: see page 13
However the “EO 14028 NTIA min element list is a little different from the framing document list (see attached)
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership
Tel: +1 978-696-1788