Tobie,
Regarding: “Best current practice for SBOM in open source projects”
The US Government follows NIST Guidance for SBOM implementation best practices for all software products, which you will find here:
https://www.nist.gov/itl/executive-order-14028-improving-nations-cybersecurity/software-security-supply-chains-software-1
This NIST SBOM guidance information is also referenced in the SPDX SBOM V 2.3 spec under appendix K:
https://spdx.github.io/spdx-spec/v2.3/how-to-use/#k19-linking-to-an-sbom-vulnerability-report-for-a-software-product-per-nist-executive-order-14028
There is also an #SBOM SIG public group on LinkedIn (anyone can post/view) where SBOM implementers share insights and best practices on successful SBOM implementation; both SPDX and CycloneDX SBOMs are discussed:
https://www.linkedin.com/groups/13274064/
Thanks,
Dick Brooks

Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council – A Public-Private Partnership
Never trust software, always verify and report! ™
Risk always exists, but trust must be earned and awarded.™
https://businesscyberguardian.com/
Email: dick@xxxxxxxxxxxxxxxxxxxxxxxxx
Tel: +1 978-696-1788
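The SPDX 2.3 appendix K.19 how-to linked above describes attaching a vulnerability report to a package through an ExternalRef of category SECURITY. The following is an added example, not part of this email thread or of the SPDX project's own tooling: a small Python checker that parses a constructed SPDX 2.3 tag-value SBOM, finds the `ExternalRef: SECURITY advisory <locator>` entries per package, and reports which packages have no linked report or link to it over plain HTTP. The SBOM text, package names and report URLs are constructed sample data; the `example.invalid` URLs are placeholders, not real report locations.

```python
"""Check an SPDX 2.3 tag-value SBOM for per-package vulnerability report links.

Added example (not from the email thread). It assumes the SPDX 2.3
ExternalRef syntax  "ExternalRef: <CATEGORY> <TYPE> <LOCATOR>"  with
category SECURITY and type "advisory", the form appendix K.19 uses to point
at a package's vulnerability report. All SBOM content below is constructed
sample data and the report URLs are placeholders.
"""
import re
from urllib.parse import urlparse

# Constructed sample SBOM: one package with an HTTPS report link, one with
# only a CPE reference, and one whose report link is plain HTTP.
SAMPLE_SBOM = """\
SPDXVersion: SPDX-2.3
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example-product-sbom
DocumentNamespace: https://example.invalid/spdx/example-product-1.0
Creator: Tool: hand-written-sample
Created: 2025-06-19T17:07:00Z

PackageName: example-product
SPDXID: SPDXRef-Package-example-product
PackageVersion: 1.0.0
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
ExternalRef: SECURITY advisory https://example.invalid/vdr/example-product-1.0.0.json

PackageName: helper-lib
SPDXID: SPDXRef-Package-helper-lib
PackageVersion: 2.4.1
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
ExternalRef: SECURITY cpe23Type cpe:2.3:a:example:helper-lib:2.4.1:*:*:*:*:*:*:*

PackageName: legacy-tool
SPDXID: SPDXRef-Package-legacy-tool
PackageVersion: 0.9
PackageDownloadLocation: NOASSERTION
FilesAnalyzed: false
ExternalRef: SECURITY advisory http://example.invalid/vdr/legacy-tool.json
"""

# ExternalRef lines carry three whitespace-separated fields after the tag.
EXTERNAL_REF = re.compile(r"^ExternalRef:\s*(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_packages(sbom_text):
    """Return one dict {name, version, refs} per PackageName block."""
    packages = []
    current = None
    for raw in sbom_text.splitlines():
        line = raw.strip()
        if line.startswith("PackageName:"):
            current = {"name": line.split(":", 1)[1].strip(),
                       "version": None, "refs": []}
            packages.append(current)
        elif current is None:
            # Document-level header lines come before the first package.
            continue
        elif line.startswith("PackageVersion:"):
            current["version"] = line.split(":", 1)[1].strip()
        else:
            m = EXTERNAL_REF.match(line)
            if m:
                current["refs"].append(m.groups())  # (category, type, locator)
    return packages


def vulnerability_report_links(sbom_text):
    """Map each package name to "ok", "missing" or "insecure-locator"."""
    findings = {}
    for pkg in parse_packages(sbom_text):
        advisories = [loc for cat, typ, loc in pkg["refs"]
                      if cat == "SECURITY" and typ == "advisory"]
        if not advisories:
            findings[pkg["name"]] = "missing"
        elif all(urlparse(loc).scheme == "https" for loc in advisories):
            findings[pkg["name"]] = "ok"
        else:
            findings[pkg["name"]] = "insecure-locator"
    return findings


if __name__ == "__main__":
    for name, status in vulnerability_report_links(SAMPLE_SBOM).items():
        print(f"{name}: {status}")
```

Run against a real SBOM, the "missing" result is the one to act on first: a package with no SECURITY advisory reference gives a consumer no machine-readable place to look up its vulnerability status, which is the gap the NIST guidance and K.19 are meant to close.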
From: open-regulatory-compliance <open-regulatory-compliance-bounces@xxxxxxxxxxx> On Behalf Of Tobie Langel via open-regulatory-compliance
Sent: Thursday, June 19, 2025 1:07 PM
To: Open Regulatory Compliance Working Group <open-regulatory-compliance@xxxxxxxxxxx>
Cc: Tobie Langel <tobie@xxxxxxxxxxxxxx>
Subject: [open-regulatory-compliance] Vulnerability Handling Task Force Meeting Minutes
Hi all,
As agreed during today's call, please use this email thread to discuss topics for potential TF deliverables.
Here are some possible topics that were raised:
- A document describing the role and obligations of stewards
- Best current practice for SBOM in open source projects
- Describing the relation between open source projects and manufacturers with regard to vuln management
Additionally, it might be worth getting acquainted with the deliverables plan as it contains a number of deliverables that might be interesting for this TF to get involved with or to drive.
---
Tobie Langel
Tech Lead ORC WG, Eclipse Foundation
Principal, UnlockOpen