About a month ago, CISA requested industry/community comment on a proposed new minimum set of SBOM elements to replace the original NTIA list. Few people on the planet have thought as much about what belongs in an SBOM than the SPDX tech team which took up the discussion. With input from the team and others, Kate Stewart, Rose Judge, Gary O’Neall, Steve Winslow and Arthit Suriyawongkul did the heavy lifting of authoring the SPDX response.
