OpenChain-Project / Telco-WG

This is the OpenChain Telco Work Group

[Question] Notice of Compliance for SBOM requester #58

Closed MasahiroDAIKOKU closed 1 year ago

MasahiroDAIKOKU commented 1 year ago

Question

Chapter 4, "Notice of Compliance," describes two example statements to SBOM providers. It would be very helpful to have a statement of the sentence to which the SBOM requester can refer, as well as the sentences for SBOM providers in Chapter 4. When requesting an SBOM, for example, in an RFP, I think there are cases where we would like to refer to this "OpenChain Telco SBOM specification".

Suggested Solution

Add text to Chapter 4 that SBOM requesters can refer to.

vargenau commented 1 year ago

Can you please propose a wording for this statement?

Thank you

MasahiroDAIKOKU commented 1 year ago

The following is a draft statement in Chap. 4.

The following statement MAY be used as a statement in the RFP document, order document, or contract document when requesting an RFP, purchasing orders, or outsourced development orders from a software vendor or telco system suppliers.

When releasing software, it is REQUIRED to provide an SBOM compliant with the OpenChain Telco SBOM Specification v1.0 for all software released. This specification is available at "https://github.com/OpenChain-Project/Telco-WG/blob/main/OpenChain%20Telco%20SBOM%20Specification.md".

vargenau commented 1 year ago

Implemented by pull request #70