OWASP / Software-Component-Verification-Standard

Software Component Verification Standard (SCVS)
https://owasp.org/scvs
Creative Commons Attribution Share Alike 4.0 International

2.4-SCVS-BOM-04 - Should this be applicable to Level 2 as the tools aren't readily available. #6

Closed pruddll closed 4 years ago

garretfick commented 5 years ago

My opinion on this is that Level 2 should not require particularly onerous efforts. It is beyond Level 1 of "I've heard of the problem", but not as far as "I'll build teams to create tooling where I cannot get it elsewhere".

If that's the perspective, then I think we should try to only include things in Level 2 that require implementing rather than developing solutions.

stevespringett commented 4 years ago

Tools are readily available as the standards for doing so have been around for years.