Post
ICYMI, here's a paper that was trying to answer this research question in the context of #OpenSource #Java projects on GitHub: "What do open-source maintainers think about integrating #VEX into their existing SBOMs?"
TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."
ICYMI, here's a paper that was trying to answer this research question in the context of #OpenSource #Java projects on GitHub: "What do open-source maintainers think about integrating #VEX into their existing SBOMs?"
TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."
A space for Bonfire maintainers and contributors to communicate