OWASP CycloneDX is a full-stack Bill of Materials (BOM) standard that provides advanced supply chain capabilities for cyber risk reduction. SBOM, SaaSBOM, HBOM, AI/ML-BOM, CBOM, OBOM, MBOM, VDR, and VEX
Consider enhancing organizationalContact to support the following:
public gpg key bom-ref - This is especially useful to verify publishers and identify all components published with the same key. Tools must first create a component of type cryptographic-asset and use that bom-ref in the contact attribute
tags - Tags such as maintainer or git user ids can help locate the contact and their published components faster
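To make the proposal concrete, here is an added example (not part of the CycloneDX project or of this issue) showing what the two extensions would look like in a BOM and the checks a consuming tool would want to run against them: that every key reference on a contact resolves to a component of type `cryptographic-asset` holding a public key, that all components published with the same key can be listed, and that contacts can be located by tag. The `cryptographic-asset` component type and `cryptoProperties` are real CycloneDX 1.6 structures; the contact field name `keyRef`, the contact-level `tags` array, and the use of the component `authors` list to carry the contact are assumptions made for the example, and the BOM content is constructed sample data.

```python
"""Added example: consistency checks for a proposed contact -> public-key link.

Assumptions (not in the CycloneDX spec): the contact field is named "keyRef",
organizationalContact carries a "tags" array, and the contact lives in the
component's "authors" list. "cryptographic-asset" is a real 1.6 component type.
"""
from typing import Any, Dict, List

# Constructed sample BOM (not from the issue or the project).
SAMPLE_BOM: Dict[str, Any] = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.6",
    "version": 1,
    "components": [
        {   # the publisher's public key modelled as a cryptographic asset
            "type": "cryptographic-asset",
            "bom-ref": "key:maintainer-a",
            "name": "maintainer-a signing key",
            "cryptoProperties": {
                "assetType": "related-crypto-material",
                "relatedCryptoMaterialProperties": {"type": "public-key"},
            },
        },
        {
            "type": "library",
            "bom-ref": "pkg:generic/libfoo@1.0.0",
            "name": "libfoo",
            "version": "1.0.0",
            "authors": [{
                "name": "Maintainer A",
                "keyRef": "key:maintainer-a",                 # hypothetical field
                "tags": ["maintainer", "git:maintainer-a"],   # hypothetical field
            }],
        },
        {
            "type": "library",
            "bom-ref": "pkg:generic/libbar@2.3.1",
            "name": "libbar",
            "version": "2.3.1",
            "authors": [{"name": "Maintainer A", "keyRef": "key:maintainer-a"}],
        },
        {   # deliberately broken: the key reference points nowhere
            "type": "library",
            "bom-ref": "pkg:generic/libbaz@0.1.0",
            "name": "libbaz",
            "version": "0.1.0",
            "authors": [{"name": "Someone", "keyRef": "key:missing"}],
        },
    ],
}


def index_components(bom: Dict[str, Any]) -> Dict[str, Dict[str, Any]]:
    """Map every bom-ref in the BOM to its component."""
    return {c["bom-ref"]: c for c in bom.get("components", []) if "bom-ref" in c}


def validate_contact_keys(bom: Dict[str, Any]) -> List[str]:
    """Return one problem string per contact keyRef that does not resolve to a
    cryptographic-asset component describing a public key."""
    index = index_components(bom)
    problems: List[str] = []
    for comp in bom.get("components", []):
        for contact in comp.get("authors", []):
            ref = contact.get("keyRef")
            if ref is None:
                continue  # linking a key is optional
            target = index.get(ref)
            if target is None:
                problems.append(f"{comp['bom-ref']}: keyRef {ref!r} does not resolve")
                continue
            if target.get("type") != "cryptographic-asset":
                problems.append(f"{comp['bom-ref']}: keyRef {ref!r} is not a cryptographic-asset")
                continue
            material = target.get("cryptoProperties", {}).get("relatedCryptoMaterialProperties", {})
            if material.get("type") != "public-key":
                problems.append(f"{comp['bom-ref']}: keyRef {ref!r} is not a public key")
    return problems


def components_published_with(bom: Dict[str, Any], key_ref: str) -> List[str]:
    """bom-refs of every component whose contacts reference the given key."""
    return [
        c["bom-ref"]
        for c in bom.get("components", [])
        if any(a.get("keyRef") == key_ref for a in c.get("authors", []))
    ]


def contacts_with_tag(bom: Dict[str, Any], tag: str) -> List[str]:
    """Names of contacts carrying the given tag, e.g. 'maintainer'."""
    return [
        a["name"]
        for c in bom.get("components", [])
        for a in c.get("authors", [])
        if tag in a.get("tags", [])
    ]


if __name__ == "__main__":
    for line in validate_contact_keys(SAMPLE_BOM):
        print("problem:", line)
    print("published with key:maintainer-a:", components_published_with(SAMPLE_BOM, "key:maintainer-a"))
    print("maintainers:", contacts_with_tag(SAMPLE_BOM, "maintainer"))
```

The dangling `key:missing` reference in the third component is what a verification tool must reject rather than silently treat as unsigned: an unresolved key reference gives a consumer no way to tie the component back to a publisher.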