Hi Craig
At dayjob this has been part of an antivirus solution we have had in production
use for a long time. It scans computers, knows software and versions, knows what
is running and aligns that with CVEs. Don't know if that is already
scraping SBOMS to gain a better picture about the software. Since it is
VEX files are what may be used to report vulnerabilities. It’s somewhat
orthogonal to a release’s SBOM,
Piotr, VP, ECMA and Arnout from Security are discussing this topic. ATR will
make recommendations as Security policies evolve.
Best,
Dave
> On Mar 19, 2025, at 1:27 PM, Dominik Psenner wrote:
I was thinking about why we have SBOMs and took it to the next level.
Users use SBOMs in order to know the entire stack of software they are running.
This allows them to know whether the products that they use are subject to
known vulnerabilities. But in order to take advantage of this, they ne