log1kal, "If we receive a long list of components in an airplane, do we feel safe enough to fly in it? No. Like any complex system, the resilience and security of software systems depends on how components interact." This quote from @shortridge resonates in my booooones about how SBOMs feel maybe useful, but not that much.
It's a long document, but worth a read on recommendations you might take to heart at your work, even if the USG doesn't.
https://kellyshortridge.com/blog/posts/rfi-open-source-security-response/