Open idunbarh opened 1 month ago
@idunbarh Is this question intended to tease out how we might achieve merging more generally (vis-à-vis SBOM's)? Or are we looking to merge vulnerability data into SBOM's as part of the study? The consensus in the August 20 working meeting was that we don't think the latter is in-scope.
Sorry for the delayed response. It was intended to see more generally how others are handling merging (not to bring vulnerability handling in scope).
We'll be seeing @puerco in-person this week at sbom-a-rama. We can bring this up.
The question was asked last week and @puerco is probably best to answer.