Issue28 proposes we have a place to start defining terms.
Issue29 proposes to define the term "software bill of materials".
The industry has a problem at the moment with whether adding ancillary information (licensing, vulnerability, End-of-life/sales/security/engineering/..., provenance, pedigree, ...) is "part of the SBOM".
The issue is what to call these "SBOM Plus X" documents.
I argue the document created with licensing is not an SBOM but a licensing document. Similarly with each of the other 'additions'.
This is analogous to how a bill of materials is different from a price list, is different from an assembly drawing, etc.