OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
Deprecate publisher in favor of a strongly typed publisherContact of type organizationalContact
https://github.com/CycloneDX/specification/blob/master/schema/bom-1.6.schema.json#L906-L910
This would let organizations analyze publisher-related risk more effectively and avoid using components whose publisher is anonymous or identified only by a name.
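As an added example (not code from the CycloneDX project or this issue), the check below classifies components in a CycloneDX 1.6-style BOM by how well their publisher is identified: the existing free-text `publisher` string versus the proposed `publisherContact`. `publisherContact` does not exist in the published schema; its shape is assumed here to follow the existing `organizationalContact` type (name, email, phone), as the proposal suggests.

```python
"""Publisher-risk triage for a CycloneDX-style BOM (added example).

`publisher` is the existing 1.6 string field. `publisherContact` is the field
this issue proposes and is hypothetical; its shape is assumed to match the
existing organizationalContact type (name, email, phone).
"""
import json

# Constructed sample BOM: three components with increasingly complete publisher data.
SAMPLE_BOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "components": [
        {"type": "library", "name": "left-pad", "version": "1.3.0"},
        {"type": "library", "name": "acme-utils", "version": "2.0.1",
         "publisher": "Acme Corp"},
        {"type": "library", "name": "acme-core", "version": "4.2.0",
         "publisher": "Acme Corp",
         # Hypothetical proposed field; shape borrowed from organizationalContact.
         "publisherContact": {"name": "Acme Corp", "email": "security@acme.example"}},
    ],
})


def publisher_risk(component: dict) -> str:
    """Return 'anonymous', 'name-only' or 'contactable' for one component.

    A bare name cannot be verified or reached, which is the weakness the
    proposal targets; a contact with an email or phone can be followed up.
    """
    contact = component.get("publisherContact")
    if isinstance(contact, dict) and (contact.get("email") or contact.get("phone")):
        return "contactable"
    if component.get("publisher") or (isinstance(contact, dict) and contact.get("name")):
        return "name-only"
    return "anonymous"


def triage_bom(bom_json: str) -> dict:
    """Map each component name to its publisher-risk classification."""
    bom = json.loads(bom_json)
    return {c["name"]: publisher_risk(c) for c in bom.get("components", [])}


def flagged_components(bom_json: str) -> list:
    """Names a policy of 'contactable publisher required' would reject."""
    return [name for name, risk in triage_bom(bom_json).items() if risk != "contactable"]
```

Running `triage_bom(SAMPLE_BOM)` shows the gap the proposal closes: only the component carrying a structured contact can be verified, while the string-only and missing publishers are indistinguishable from an unvetted source.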