Software Bill of Materials (SBOM)

[iaik-jheher]

(Issue migrated from Gitlab: Internal link)

In light of recent supply chain vulnerabilities, the concept of a Software Bill of Materials (SBOM) is gaining traction again.

The US govt already requires SBOMs for all federal software purchases, so I speculate that similar policies in the EU may follow within the next years.

Research into popular machine-readable SBOM formats is needed before determining how to proceed, but I want to include a SBOM manifest in PDFOver at some point.