I have a question for #DIDay #DigitalIndependenceDay:
If I had an #SBOM of all (or some) software installed on a device, could it be joined *automatically* with some other freely available data to
1. see if a software is affected (closed source, from Big Tech company, from USA, ...) and
2. if a good alternative exists?