Last few months I’ve been part of the BOMOps tiger team, and we’ve…


For the last few months I’ve been part of the BOMOps tiger team, and we’ve just wrapped up a white paper titled “Improving Risk Management Decisions with SBOM Data”. It’s now ready for review, and I’d love to get broader community feedback on the same.

If you’re up for it, please take a look and share your thoughts by Friday, February 14. You can add comments directly in the Google Doc: https://docs.google.com/document/d/1vFVbWEJmNsAbNPRAtHclC89YQlLUt6xYIvKmFGRkcQA/edit?tab=t.0#heading=h.uweqougndqvk

The goal of the paper is to highlight how SBOMs can be valuable for both software producers and consumers. It’s focused on practical usage, answering questions like:

This isn’t about setting best practices—it’s more about exploring how SBOMs can be genuinely useful in different contexts.

If you’re reviewing, it’d be super helpful if you could:

After reading, it’d be great if you could also fill out this quick survey to share your thoughts on the document: Survey: https://forms.gle/8bVhycAmLLEvLp5A9

Appreciate any feedback you can offer—thanks in advance!

#SBoM #SupplyChainSecurity #BoMOps #Infosec #Defense

cc: Anita D’Amico, PhD; Allan Friedman, PhD
