@jacques @bagder @gregkh

ICYMI, here's a paper that was trying to answer this research question in the context of #OpenSource #Java projects on GitHub: "What do open-source maintainers think about integrating #VEX into their existing SBOMs?"

TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."

https://dl.acm.org/doi/pdf/10.1145/3696630.3728513

#SBOM #CVE #InfoSec

@jacques @bagder @gregkh

ICYMI, here's a paper that was trying to answer this research question in the context of #OpenSource #Java projects on GitHub: "What do open-source maintainers think about integrating #VEX into their existing SBOMs?"

TL;DR: "In most cases, our augmented SBOMs were not directly accepted because developers required a continuous SBOM update."

https://dl.acm.org/doi/pdf/10.1145/3696630.3728513

#SBOM #CVE #InfoSec