Done. VDR was already listed; added SBOM guidelines from the CISA Software Acquisition Guide ( https://cisa.gov/sag )
Thanks,
Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™
Risk always exists, but trust must be earned and awarded.™
https://businesscyberguardian.com/
Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx
Tel: +1 978-696-1788
From: maximbaele <notifications@xxxxxxxxxx>
Sent: Monday, February 10, 2025 4:11 AM
To: orcwg/cra-hub <cra-hub@xxxxxxxxxxxxxxxxxx>
Cc: Dick Brooks (BCG) <d.brooks@xxxxxxxx>; Mention <mention@xxxxxxxxxxxxxxxxxx>
Subject: Re: [orcwg/cra-hub] Consider existing guidance for SCRM risk management processes and practices (Issue #131)
Love this! For now, I suggest adding them to the spreadsheet --> https://docs.google.com/spreadsheets/d/1Y36Vueb3Eo_djOuRdpyzoCS1vzGaKpjP-99g3J6rw7Y/edit?gid=0#gid=0
I pinky promise I will transfer them from the sheet to markdown in the near future.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you were mentioned.
Message ID: <orcwg/cra-hub/issues/131/2647370629@xxxxxxxxxx>