Patrick Dwyer
Patrick Dwyer
And in that vein, maybe there should be a an indicator if it is a component or organisation level thing? And whether it is just a basic assertion, we've done...
I think maybe we should also consider training data sets as components of a ML model.
At the top level we would define property namespaces like `cdx`, `cdx:nuget`, `cdx:dotnet`, etc. Then there would be documented property names under each namespace. I'm thinking a file structure something...
@nscuro I'll create a repo and get the basic content ready.
Repo is up here https://github.com/CycloneDX/cyclonedx-property-taxonomy I've got it set to private. Be good to get some feedback from you both before I flip it to public.
Yeah, I was wondering about making it a requirement.
I haven't created the code owners file or an issue template or form yet. But I have simplified the ABNF spec, specifically called out US ASCII requirements, added a link...
I think a confidence score will be either hard to define or purely subjective. And is the purpose solely for auditing the BOM itself vs the software? That's how this...
I really like this idea. But, I think this would be better handled as a separate step. It might not be the same in this ecosystem. But with .NET, for...
I think this needs to be done in an ecosystem agnostic way. This is a bit like issue #129